I am splitting my umbrella DNS and proxy logs by sourcetype as per the instructions in the guide (opensdns:dnslogs, opendns:proxy).
However, the field extraction for the proxy logs is not working correctly.
DNS is working great and I can search by category, action, etc but these same field extractions fail for the opendns:proxy sourcetype events.
Am I missing something obvious?
... View more