Hello,

To do that I guess I would make a first copy of the log into another field. Then I would use several replace extractors to replace "user:" with an empty string, ",Machine:" with | and ",VirusFound:(true|false)" with an empty string. I would also add the condition that the log would contain user, machine and VirusFound.

Regards

On Wednesday, 30 December 2015 at 10:36:07 UTC+1, Arik Nachmias wrote:
>
> Hello Everyone!
>
> I have been using Graylog for a while now, I know my way in Regex / Grok
> and everything (but not so on Drools).
> Is there a way you can think of which will allow me to concatenate two
> fields? I would like to do statistics on Users/Machines (from a log I
> have). The only implementation I saw was using Drools - but I am not so sure it
> works (I can post my rule).
>
> Is there a way to do it via Extractor?
>
> I.e. - Log Example:
>
> User:Arik,Machine:Pork,VirusFound:Yes
>
> I would like to have one field which will be
>
> Arik|Pork
>
> So I can do a stacked chart on it - if there was a way to do a chart on
> two fields instead of one - that would solve the problem as well.
>
> Thanks!
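
The copy-then-replace chain described in the reply, simulated offline as an added example (not part of the original thread and not Graylog's own code). Python's `re` stands in for the extractor regex engine; the function names, the case-insensitive patterns, the `\w+` match for the VirusFound value, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample messages in the format shown in the question.
SAMPLE_LOGS = [
    "User:Arik,Machine:Pork,VirusFound:Yes",
    "User:Arik,Machine:Pork,VirusFound:No",
    "User:Dana,Machine:Beef,VirusFound:true",
    "service heartbeat ok",  # lacks the three keys: must be skipped
]

# Condition: only run the chain on messages that carry all three keys.
CONDITION = re.compile(r"User:[^,]+,Machine:[^,]+,VirusFound:\w+", re.IGNORECASE)

# Ordered replace steps (pattern, replacement), mirroring the reply's chain.
# Assumption: VirusFound is matched as \w+ so that the question's sample
# value "Yes" is stripped as well as true/false.
REPLACE_STEPS = [
    (re.compile(r"User:", re.IGNORECASE), ""),
    (re.compile(r",Machine:", re.IGNORECASE), "|"),
    (re.compile(r",VirusFound:\w+", re.IGNORECASE), ""),
]

def user_machine(message):
    """Return 'User|Machine' for a matching message, else None."""
    if not CONDITION.search(message):
        return None
    value = message  # first step: copy the message into a new field
    for pattern, replacement in REPLACE_STEPS:
        value = pattern.sub(replacement, value)
    return value

def count_pairs(messages):
    """Count messages per combined field, as a stacked chart would."""
    pairs = (user_machine(m) for m in messages)
    return Counter(p for p in pairs if p is not None)

if __name__ == "__main__":
    for pair, n in count_pairs(SAMPLE_LOGS).most_common():
        print(pair, n)
```

Testing the patterns against captured messages this way shows whether every value variant is stripped before the chain is entered as extractors.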
