my field extractions are not working
tranforms.conf file is
[tms_iisfields]
FIELDS = "date","time","s-ip","cs-method","cs-uri-stem","cs-uri-query","s-port","cs-username","c-ip","cs(User-Agent)","sc-status","sc-substatus","sc-win32-status","time-taken"
props.conf file is
[iis-2]
rename=tms-iis
[tms-iis]
CHECK_FOR_HEADER = False
MAX_TIMESTAMP_LOOKAHEAD = 128
TIME_FORMAT = %Y-%m-%d %H:%M:%S
REPORT-tms_iisfields = tms_iisfields
and search output is
2011-12-19 13:35:56 172.27.70.10 GET /OTPAuthentication/Service.asmx - 443 - 72.246.50.40 Python-urllib/1.17 200 0 0 62
2011-12-19 13:35:56 172.27.70.10 GET /OTPAuthentication/Service.asmx - 443 - 72.247.36.53 Python-urllib/1.17 200 0 0 78
but not showing fields "date","time","s-ip","cs-method","cs-uri-stem","cs-uri-query","s-port","cs-username","c-ip","cs(User-Agent)","sc-status","sc-substatus","sc-win32-status","time-taken" in output
kamal singh bisht
