Need to be able to look for a source using any type of case
I am a bit unsure of the syntax, this command works as long as the source is exactly as this, but ideally I want it to search for any type of case as path can be LogFiles or Logfiles
if [source] =~ "C:\Windows\System32\LogFiles\Firewall*.log"
Advice is greatly appreciated.
have added a mutate before the source and changed slightly what I am monitoring, works with no issues
mutate {
lowercase => [ "source" ]
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.