
Tag Value Map On Multiple Delimiters

Question asked by Joe Gumke on Apr 12, 2017

I have a dynamic log format for which I need to leverage a tag value map. The problem is that I have different delimiters in the log format, and changing the format is not possible.

The question is: can I leverage more than one type of delimiter in the tag value maps? If so, how?

Below, I have a major delimiter of an equals sign "=", and at the end is a colon ":".

Log sample:

1491767247 testSender flows src=1.1.1.1 dst=2.2.2.2 protocol=udp sport=1 dport=2 pattern: allow (src 1.1.1.1/514)
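
The two-delimiter split the question describes, shown as an added Python example that is not part of the original post and is not tag value map syntax: the trailing `tag: value` field is cut off first, then the `tag=value` pairs are read from what remains. The field names `epoch`, `sender` and `msgtype` are assumptions for the three leading tokens.

```python
import re

# Log sample copied from the question.
SAMPLE = ("1491767247 testSender flows src=1.1.1.1 dst=2.2.2.2 protocol=udp "
          "sport=1 dport=2 pattern: allow (src 1.1.1.1/514)")

# Three leading tokens, then the delimited body (field names are assumptions).
HEADER = re.compile(r"^(?P<epoch>\d+) (?P<sender>\S+) (?P<msgtype>\S+) (?P<body>.*)$")
# "tag=value": the value ends at the next whitespace.
EQ_PAIR = re.compile(r"(\w+)=(\S*)")
# Trailing "tag: value": the value runs to the end of the line and may
# contain spaces, so it cannot be split on whitespace like the "=" pairs.
COLON_TAIL = re.compile(r"(?:^|\s)(\w+):\s+(.*)$")


def parse_flow(line):
    """Split one log line into a dict using both delimiters."""
    m = HEADER.match(line.strip())
    if not m:
        raise ValueError("line does not match the expected header layout")
    fields = {
        "epoch": int(m.group("epoch")),
        "sender": m.group("sender"),
        "msgtype": m.group("msgtype"),
    }
    body = m.group("body")
    # Take the colon-delimited tail off first, so an "=" inside its free-text
    # value is never mistaken for another tag=value pair.
    tail = COLON_TAIL.search(body)
    if tail:
        fields[tail.group(1)] = tail.group(2).strip()
        body = body[:tail.start()]
    for tag, value in EQ_PAIR.findall(body):
        fields[tag] = value
    return fields


if __name__ == "__main__":
    for tag, value in parse_flow(SAMPLE).items():
        print(f"{tag} = {value}")
```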
