| rex field=_raw "CallerName=(?<lastname>\w+),(?<firstname>\w+)"
should do the trick. If you want to grab both, "CallerName=(?<Callername>\w+,\w+)"
Hi Kai,
We are aware of this problem and the patch for this problem is tentatively slated for 2.0.2. In the meantime, you can get this to work by making a small modification in /bin/mi_base.py.
Line 117: should_execute = self.clustering_precheck()
Replace this line with should_execute = True
Please do this only when you run dbx on a forwarder. This workaround has not been extensively tested either. This workaround should be used at your own risk.
We are aware of this problem. The patch will be applied to a future version. In the meantime, please wrap your query in the following way as a workaround:
SELECT * FROM (SELECT * FROM yourtable WHERE yourcondition) AS temp
How about adding a field? You can add the following to your search:
| rex field=host /log/var/(? .*)/
You can also add it to your field extractor. Would this work?
How is your log configured right now?
CustomLog ${APACHE_LOG_DIR}/myvirtualhost/access.log
For example, if logs from a virtual host are organized under ${APACHE_LOG_DIR}/myvirtualhost, you can add the following lines to your input.conf:
[monitor:///var/log/apache/myvirtualhost]
host_segment = 4
That way, "myvirtualhost" will be the host name for all log files that live under myvirtualhost.
Sorry if I misunderstood your question.