@Karthikeya Apply the below configurations for the index time field extractions.

props.conf

transforms.conf

I have uploaded the sample events to my lab environment and applied the above configurations. The fqdn field was successfully extracted. Please refer to the screenshot below.

Sample events:

{"timestamp":"2025-04-10T12:34:56Z", "vs_name":"v-juniper-uat.opco.sony-443", "status":"active"}
{"timestamp":"2025-04-10T12:35:01Z", "vs_name":"qa-nginx-dev.opco.abc-8443", "status":"active"}
{"timestamp":"2025-04-10T12:35:06Z", "vs_name":"prod-apache.opco.xyz-9443", "status":"inactive"}
{"timestamp":"2025-04-10T12:35:10Z", "vs_name":"test-web1.opco.something-8080", "status":"active"}
{"timestamp":"2025-04-10T12:35:15Z", "vs_name":"edge-juniper-uat.opco.sony-443", "status":"active"}

NOTE: If you use heavy forwarders, the props.conf and transforms.conf changes should be applied to the heavy forwarders instead of the indexers.