I'm already extracting the byte size from the event using this:
\s+bytes\s+(? \d+)\s
Is there a way to do an inline Field Extraction to also determine the incoming and outgoing IP?
Here is a sample of an event:
2012-05-11 12:49:41 Local3.Info 192.168.100.1 May 11 2012 12:49:41: %ASA-6-302014: Teardown TCP connection 11221124 for outside:65.208.108.42/42756 to inside:192.168.100.123/443 duration 0:01:24 bytes 561803 TCP Reset-O
... View more