SWEET.
That was it.
Final config for props.conf:
props.conf:
[source::udp:22514]
EXTRACT-user = User: (?[^(|^,]*)()
EXTRACT-ServiceApp = Service/App: (?[^,]*)
EXTRACT-AccessProtocol = Access/Protocol: (?[^,]*)
EXTRACT-group = User Group: (?.+?)Port
EXTRACT-port = Port: (?[^,]*)
EXTRACT-Transaction,Address,DeviceName = Transaction: (?[^,]*),\s+Address: (?[^,]*),\s+Device (name|Name): (?[^,]*)
EXTRACT-priv_ip,pub_ip = Private IP: (?[^,]*),
EXTRACT-pub_ip = Public IP: (?[^,]*),
EXTRACT-nat_proxyIP = Nat/Proxy IP: (?[^,]*)
EXTRACT-src = Source IP: (?[^,]*),
#EXTRACT-Details = Details: (?.+)
REPORT-Details = Details
REPORT-message_id = message_id
REPORT-message = message
Final config for transforms.conf:
[message_id]
REGEX = Message (?\d+):
FORMAT = message_id::$1
MV_ADD = true
[message]
REGEX = Message \d+:(?.+?)(:|$)
FORMAT = message::$1
MV_ADD = true
Could you actually ANSWER my question so I can mark this as answered and you get cred?
Thanks
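An offline check of extractions like the ones in this post, added here as an example and not part of the original post. The capture-group names (`user`, `port`, `src`, `message_id`, `message`) and the sample event are assumptions, Python's `(?P<name>...)` syntax stands in for Splunk's PCRE `(?<name>...)`, and collecting every match only approximates what `MV_ADD = true` does in Splunk.

```python
import re

# Constructed sample event; the labels follow the props.conf in the post,
# the values are made up for this example.
SAMPLE_EVENT = (
    "User: jdoe(Domain Users), Service/App: vpn, Access/Protocol: ssl, "
    "User Group: Staff, Port: 443, Source IP: 192.0.2.10, "
    "Details: Message 101: session opened: Message 202: policy applied"
)

# Inline EXTRACT-style patterns: one value per field, first match wins.
# Group names are assumed; the pattern bodies are the ones shown in the post.
EXTRACTS = {
    "user": r"User: (?P<user>[^(|^,]*)()",
    "port": r"Port: (?P<port>[^,]*)",
    "src": r"Source IP: (?P<src>[^,]*),",
}

# REPORT-style transforms: every match in the event is kept, which is how
# this sketch models MV_ADD = true (multivalue fields).
TRANSFORMS = {
    "message_id": r"Message (?P<message_id>\d+):",
    "message": r"Message \d+:(?P<message>.+?)(:|$)",
}


def extract_fields(event):
    """Return the fields the patterns above pull out of one raw event."""
    fields = {}
    for name, pattern in EXTRACTS.items():
        match = re.search(pattern, event)
        if match:
            fields[name] = match.group(name)
    for name, pattern in TRANSFORMS.items():
        values = [m.group(name) for m in re.finditer(pattern, event)]
        if values:
            # The lazy .+? keeps any space that follows "Message N:".
            fields[name] = values
    return fields


if __name__ == "__main__":
    for field, value in extract_fields(SAMPLE_EVENT).items():
        print(f"{field} = {value!r}")
```

Running sample events through a check like this before deploying props.conf and transforms.conf shows whether a pattern stops where intended and whether repeated `Message N:` segments all land in the multivalue fields.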