All is in the title I want to filter with the first data in my grok filter to use an other grok filter
Can you explain us the problem with example please ?
For example I have something like this to parse :
"Application data 220.127.116.11 on like"
The problem that I have is that the data hasn't the same format everytime, sometimes it will be something like this :
"Application 10.12.14.15 18.104.22.168 word word word word"
So I wanted to know if we can just get the first data (the field Application in my example) to create some conditions (some if in the .conf file) to filter following the application that we get
Can you add your answer? Then others having the same problem can learn from it as well
it's written in my last message, you can close it
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.