Greetz,
Does anyone know if multiple SEDCMDs are supported at index time in props.conf?
Also, can I implement this search through a regex transform or any other way?
sourcetype="vul:foresight" | rex mode=sed "s/\\\\\\//\\//g" | rex mode=sed "s/\\\n/\n/g" | rex mode=sed "s/<13>.*\.\.\.//g" | rex mode=sed "s/\.\.\..*\n//g" | rex mode=sed "s/^<13>//g"
Thank you.
