Hej Aleksey,

> I want to achieve two goals:
> 1. Extract name=value pairs from audit records ‒ this can be solved by using key=value extractor
> 2. Aggregate complete audit event (three audit records) into a single message ‒ I don't know how to solve this problem

The second is, at the moment, not possible with Graylog. You would need to write your own plugin that performs this merge for you.

With kind regards,
Jan
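The merge discussed in this thread, sketched as a stand-alone pre-processing step that would run before the logs are shipped. This is an added example, not part of the original message and not a Graylog plugin. It assumes the records are in Linux auditd text format, where all records of one event share the same `msg=audit(<epoch>:<serial>)` identifier; the sample lines and the function names are constructed for illustration.

```python
import re
import shlex

# Assumption: Linux auditd text format, where all records of one event share
# the same msg=audit(<epoch>:<serial>) identifier.
HEADER = re.compile(
    r"^type=(?P<type>\S+)\s+msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\):\s*(?P<body>.*)$"
)

# Constructed sample: one three-record event plus the start of a second one.
SAMPLE = [
    'type=SYSCALL msg=audit(1471879251.123:4242): arch=c000003e syscall=2 '
    'success=yes exit=3 pid=1337 uid=1000 comm="cat" exe="/bin/cat" key="shadow-read"',
    'type=CWD msg=audit(1471879251.123:4242): cwd="/home/alice"',
    'type=PATH msg=audit(1471879251.123:4242): item=0 name="/etc/shadow" inode=131',
    'type=SYSCALL msg=audit(1471879252.500:4243): arch=c000003e syscall=59 '
    'success=yes exit=0 pid=1338 uid=1000 comm="ls" exe="/bin/ls"',
]

def parse_record(line):
    """Return (event_id, record_type, fields), or None for a non-audit line."""
    m = HEADER.match(line.strip())
    if m is None:
        return None
    try:
        tokens = shlex.split(m.group("body"))  # honours quoted values
    except ValueError:                         # unbalanced quote in the record
        tokens = m.group("body").split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    return (m.group("ts"), m.group("serial")), m.group("type"), fields

def merge_events(lines):
    """Merge records sharing an event id into one flat dict per event."""
    events = {}
    for line in lines:
        parsed = parse_record(line)
        if parsed is None:
            continue
        (ts, serial), rtype, fields = parsed
        event = events.setdefault(
            (ts, serial), {"timestamp": ts, "serial": serial, "record_types": []}
        )
        event["record_types"].append(rtype)
        # Prefix keys with the record type; a repeated type (e.g. a second
        # PATH record) gets a numeric suffix so nothing is overwritten.
        n = event["record_types"].count(rtype)
        prefix = rtype.lower() if n == 1 else f"{rtype.lower()}{n}"
        for key, value in fields.items():
            event[f"{prefix}_{key}"] = value
    return list(events.values())
```

Grouping by event id rather than by line adjacency keeps the merge correct when records from different events are interleaved. On a live stream, an event would additionally need to be flushed after a short timeout, since the format carries no explicit last-record marker in this sketch.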
