On 12/12/2011 04:01 PM, Alberto Cortón wrote:
Hi,
I would like to know if any of you have used SEC for normalizing log data. My
first approach to this was to generate normalized events like this:
action = event
On 12/12/2011 04:01 PM, Alberto Cortón wrote:
Hi,
I would like to know if any of you have used SEC for normalizing log data. My
first approach to this was to generate normalized events like this:
action = event
hi all,
some months ago, we had a discussion on rewriting input events:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E066179.3010304%40willingminds.comforum_name=simple-evcorr-users
Would a similar feature be of interest to the end users? :)
I was thinking about attacking the
Thank you very much, Risto. This is exactly what I was looking for.
Also thank you David for pointing out liblognorm. I didn't know about it and
it's pretty interesting.
Best regards,
On Tue, 13 Dec 2011 14:05:28 +0200
Risto Vaarandi risto.vaara...@seb.ee wrote:
On 12/12/2011 04:01 PM,
On Tue, 13 Dec 2011, Risto Vaarandi wrote:
...to add another idea -- if you want to run a very fast normalization
on logs with multi-line events, you could also take advantage of the
LogPP (Log PreProcessor) utility at http://logpp.sourceforge.net.
I wrote it some years ago for fast
On 12/13/2011 4:20 AM, Risto Vaarandi wrote:
hi all,
some months ago, we had a discussion on rewriting input events:
http://sourceforge.net/mailarchive/forum.php?thread_name=4E066179.3010304%40willingminds.comforum_name=simple-evcorr-users
Would a similar feature be of interest to the end
2011/12/13 da...@lang.hm:
On Tue, 13 Dec 2011, Risto Vaarandi wrote:
...to add another idea -- if you want to run a very fast normalization
on logs with multi-line events, you could also take advantage of the
LogPP (Log PreProcessor) utility at http://logpp.sourceforge.net.
I wrote it some
Of course I would be interested too :D
Using varmaps is somewhat limited. For instance, AFAIK you can't assign a
variable the string 'deny' regardless the value of the captured group is
'Deny', 'denied', 'DROP', etc
Regards,
On Tue, 13 Dec 2011 10:26:36 -0800
Mark D. Nagel
