Hey Everyone,
How do you map a field from the logs to another field. So for example if I have the following log
message":"03-MAR-21 00:30:46|142.122.217.10 |1| I want to parse out |1| but also then map it to an index that says Authentication failed. So for example:
|1| would be Auth failed
|2| would be auth passed.
|3| would be logout
We have the numbers in the logs but I want to have it show up as a more user friendly field. So we don't have to lookup what |1| means, we would know that it means Auth Failed
What's the best way to do this?