lar expression.
>
> So, in my example below, the text in red below the second field indicates
> this test message would not have its number extracted because it's not from
> the correct process. (I used 'kernel2' as the test, see?)
>
> Does this help ans
I am testing Graylog and immediately the first device is not RFC compliant
and I cannot adjust the UDP port. I also know the second device/vendor i
need to add will have the same issue.
Is there a way to apply an extractor to only specific sources or
source-ip's ? Or am I forced to setup a secon