Tag Value Map On Multiple Delimiters
I have a dynamic log format for which I need to leverage a tag value map. The problem is that I have different delimiters in the log format, and changing the format is not possible.
The question is: can I leverage more than one type of delimiter in the tag value maps? If so, how?
Below, I have a major delimiter of an equals sign "=", and at the end is a colon ":".
Log sample:
1491767247 testSender flows src=126.96.36.199 dst=188.8.131.52 protocol=udp sport=1 dport=2 pattern: allow (src 184.108.40.206/514)
- Community Thread
- custom parser
- Forum Thread
- parser xml
- RSA NetWitness
- RSA NetWitness Platform
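
The two-delimiter split described in the question, as an added Python illustration (not part of the original post, and not NetWitness parser XML): it peels off the trailing `key: value` part first, then splits the remaining tokens on "=". The function name `parse_flow_line` and the `_header` key are hypothetical; the sample line is copied from the post.

```python
import re

# Sample line taken from the post above.
SAMPLE = ("1491767247 testSender flows src=126.96.36.199 dst=188.8.131.52 "
          "protocol=udp sport=1 dport=2 pattern: allow (src 184.108.40.206/514)")

# Trailing "key: value" section. The value contains spaces, so it runs to
# the end of the line instead of stopping at the next whitespace.
COLON_TAIL = re.compile(r"\s(\w+):\s+(.*)$")


def parse_flow_line(line):
    """Return a dict of fields from one line that mixes '=' and ':' delimiters."""
    fields = {}
    body = line.strip()

    # Step 1: remove the colon-delimited tail first, so that free text in it
    # (which may itself contain '=' or spaces) is never split as key=value.
    tail = COLON_TAIL.search(body)
    if tail:
        fields[tail.group(1)] = tail.group(2)
        body = body[:tail.start()]

    # Step 2: what is left is space-separated. Tokens with '=' are key=value
    # pairs; tokens without it are positional header fields.
    header = []
    for token in body.split():
        key, sep, value = token.partition("=")
        if sep and key:
            fields[key] = value
        else:
            header.append(token)
    fields["_header"] = header  # hypothetical name for the positional fields
    return fields


if __name__ == "__main__":
    for name, value in parse_flow_line(SAMPLE).items():
        print(f"{name:10} {value}")
```

Doing the colon split before the equals split is what keeps the tail intact; reversing the order would break `allow (src 184.108.40.206/514)` into separate tokens.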