Hi Friends. I am taking in cef syslog messages from an application called Secret Server. The messages are not parsing correctly because some of the fields usernames have a slash in the username. The format is domain\username.
I am trying to use mutate to remove the domain\ from the username field and failing.
OK, it is an oddity of the configuration compiler that you cannot escape a backslash at the end of a string. The backslash always escapes the closing double quote. The standard workaround for this is to use a character group that evaluates to one occurrence of a backslash.