Thanks for the reply. I am not aware of a Replace extractor, how do you do that?
On Thu, Jan 7, 2016 at 2:44 PM, kaiser <[email protected]> wrote:

> Hello,
>
> To do that I guess I would make a first copy of the log into another field.
> Then I would use several replace extractors to replace "user:" with empty
> string, ",Machine:" with | and ",VirusFound:(true|false)" with empty string.
> I would also add the condition that the log would contain user machine and
> VirusFound
>
> regards
>
> On Wednesday, 30 December 2015 at 10:36:07 UTC+1, Arik Nachmias wrote:
>>
>> Hello Everyone!
>>
>> I have been using Graylog for a while now, I know my way in Regex / Grok
>> and everything (but not so on Drools).
>> Is there a way you can think of which will allow me to concatenate two
>> fields? I would like to do statistics on Users/Machines (from a log I
>> have). The only implementation I saw was using Drools - but not so sure it
>> works (I can post my rule).
>>
>> Is there a way to do it via Extractor?
>>
>> I.e. - Log Example:
>>
>> User:Arik,Machine:Pork,VirusFound:Yes
>>
>> Would like to have one field which will be
>>
>> Arik|Pork
>>
>> So I can do a stacked chart on it - if there was a way to do a chart on
>> two fields instead of one - that would solve the problem as well.
>>
>> Thanks!
--
Arik Nachmias, CEO, Trion Logics Security Solutions LTD
www.trionlogics.com
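The replace chain described in the quoted reply, emulated in Python as an added example (not code from the thread and not Graylog configuration): a condition check, then three ordered regex replacements, then a count per `user|machine` value. The function names and all sample lines except the first are constructed here; as an assumption, the `VirusFound` value is matched as any comma-free token because the sample line carries `Yes`.

```python
import re
from collections import Counter

# Condition: only lines carrying all three fields are rewritten.
# Case-insensitive because the sample line uses "User:" and the reply "user:".
CONDITION = re.compile(r"User:[^,]+,Machine:[^,]+,VirusFound:[^,]+",
                       re.IGNORECASE)

# One (pattern, replacement) pair per replace step, applied in order.
REPLACE_CHAIN = [
    (re.compile(r"^User:", re.IGNORECASE), ""),
    (re.compile(r",Machine:", re.IGNORECASE), "|"),
    (re.compile(r",VirusFound:[^,]*$", re.IGNORECASE), ""),  # assumption: any value
]

def user_machine(message):
    """Return 'user|machine' for a matching log line, otherwise None."""
    value = message.strip()          # work on a copy of the original message
    if not CONDITION.fullmatch(value):
        return None                  # condition not met: leave the line alone
    for pattern, replacement in REPLACE_CHAIN:
        value = pattern.sub(replacement, value, count=1)
    return value

def count_pairs(lines):
    """Count occurrences of each user|machine value (the chart's input)."""
    return Counter(v for v in map(user_machine, lines) if v is not None)

# First line is the example from the thread; the rest are constructed.
SAMPLE_LINES = [
    "User:Arik,Machine:Pork,VirusFound:Yes",
    "user:Dana,Machine:Beef,VirusFound:false",
    "User:Arik,Machine:Pork,VirusFound:No",
    "Machine:Pork,VirusFound:Yes",   # no user field: skipped by the condition
]

if __name__ == "__main__":
    for pair, hits in count_pairs(SAMPLE_LINES).most_common():
        print(pair, hits)
```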
