That'll be useful.
I guess you'll reserve a variable name with something like
$+{currentInputSource}.
Thanks and high regards,
Rock
~
2011/4/7 MILLS, ROCKY (ATTSI) :
> Risto, et al,
>
> Advantages of input field within rule sets:
>
...
> 4. eliminates extraneous perl code to extract "input" file/source name
>
Actually, this issue is best addressed with named match variables that
were introduced into the 2.6 version. Previously,
Risto, et al,
Advantages of input field within rule sets:
1. reduce or eliminate command line option inputs
Allowing input sources to be specified within rule sets
2. introduce events at specific points into rule sets
Without needing to set up sometimes complicated dependencies
hi Uwe,
the problem you are seeing is caused by a side effect of Pair rule, but
can easily be fixed by changing the 'pattern2' field just a bit.
Let me explain why this is happening. After you have submitted SEC the
first 4 input lines, SEC has two event correlation operations running
that have be
Hello,
can anybody help with my problem with the Pair rule?
My logfile gets the following input from a monitoring script:
moncheck:WARNING:node:itservice:source:subsource1:message
moncheck:WARNING:node:itservice:source:subsource2:message
The events should be treated as equal for "action" and
On 04/05/2011 11:54 PM, MILLS, ROCKY (ATTSI) wrote:
> For discussion only -- not an immediate need to be addressed.
>
> ~
>
Well, the 'input' field looks like a synonym to the file context to
me... Maybe I haven't got all the details for the 'input' field, though.
However, there is one danger re