How to use regex to exclude events containing "session-6-305012" before indexing?
sample event:
1.2.3.4 :Jul 06 20:12:40 UTC: %ASA-session-6-305012: Teardown dynamic TCP translation from inside:1.2.33.55/10447 to outside:22.33.44.55/29479 duration 0:00:30
You need to follow instruction from below documentation. Just update REGEX per yours.
REGEX = session-6-305012
You need to follow instruction from below documentation. Just update REGEX per yours.
REGEX = session-6-305012