Paolo,
I was trying to create field extractions from source for multiple sourcetypes.
Is there a way to create a single extraction for multiple sourcetypes?
Ex: sourcetypes: (The source has the serverName)
soa:access:log
soa:server:log
Trying to create Field extraction as type=inline
Name:EXTRACT-SOA-ServerName
sourcetype: soa:.*:log
Extraction / Transformation: (?SOA[0-9]+) in source
However, the above one is not working
when I am trying to search: index="soa" sourcetype="soa:server:log"
Let me know what I missed out.
Thanks in advance