When selecting the field of your message choose create extractor for field message -> replace with regular expression
in regular expression you can for instance try User: or something like (User:|,VirusFound:(Yes|No)) and in replacement "" only attempt if field matches regular expression: User*Machine*VirusFound somethink like that Le mercredi 30 décembre 2015 10:36:07 UTC+1, Arik Nachmias a écrit : > > Hello Everyone ! > > I Have been using graylog for a while now , i know my way in Regex / Grok > and everything (but not so on Drools) > Is there a way you can think of which will allow me to concatenate two > fields ? , I Would like to do a statistics on Users/Machines (from a log i > have) , Only implementation i saw was using Drools - but not so sure it > works (i can post my rule) , > > Is there a way to do it via Extractor ? > > I.E - Log Example : > > User:Arik,Machine:Pork,VirusFound:Yes > > Would like to have one field which will be > > Arik|Pork > So i can do a stacked chart on it - if there was a way to do a chart on > Two Fields instead of one - that would solve the problem as well > > Thanks! > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/22f00ea0-996a-4dec-ae51-272cda152b2e%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
