Hello to the community!
I have the following jboss log:
[2018-12-07 14:17:23,661] [INFO] [xxx.common.ldap.connections.TimedAuthenticator] (default task-4) () Authentication succeeded for dn: CN=XXX,OU=YYY,DC=external,DC=ZZZ,DC=LLL
Using the jboss app, I have the following field name and value:
signature=Authentication succeeded for dn: CN=XXX,OU=YYY,DC=external,DC=ZZZ,DC=LLL
How can I keep this value and on top of that create the following name/values:
My goal is to normalize the logs and map them to CIM in order to be parsed properly by Enterprise Security App.
You can use FIELDALIAS in props.conf. Or use an eval at search time.
View solution in original post