Similar issue to Sonny.
I have a a variable indeterminate number of keys (up to 1 million) some of which are in each log message and each key has an associated count. The "keys" are numeric given the large number of potential keys. There is standard fixed format prefix information that is handled correctly.
L-rec1 std-stuff[987=31,13=2, 70201=11]
Lrec2 std-stuff[91453=87,861=101,31297=76,78=1001,987=11,123=678,135=246,971=677]
Search picks up the key value pairs as "field1" to "fieldn" where there are about 900 max Kv pairs.
I want to work with the keys (group, scatter).
Any suggestions would be appreciated
:-)
... View more