Is there more detailed information about how the CEF field mapping works?
I've tried the cef_field_map statement in the realtimeoutput.conf, but that doesn't work and the dragndrop in the gui also does not map any fields.
The only thing that seems to work is to use the eval statement in the search to create fields that match the original cef field names. Then the Real-Time Output app will output them.
Is there anyone who has some experience or who has a manual?