Unanswered questions

Every time we update openshift in azure, my cribl config is lost. since we have the free version, we cannot use git repository. would using persistent storage helps keep the config because the update process drains the node from the cluster and restart them on another node. I suspect this is why the config is not kept.

Can i install Cribl Edge on my worker nodes without any production impact. `I want to use Cribl  Edge to monitor my Cribl Workers and certain files

cisco_asa_cleanup pack is not working for me, now sure how to make it work , need help in utilizing it, sample logsOct 1 03:23:58 asa_server_ip %ASA-6-302014: Teardown TCP connection 39876417 for VTI-Murex-abc:xx.xx.xx.xx/443 to inside:xx.xx.xx.xx/44714 duration 0:00:00 bytes 9514 TCP FINs from inside 0 0Oct 2 06:51:58 asa_server_ip %ASA-6-302013: Built inbound TCP connection 39876427 for VTI-Murex-abc:xx.xx.xx.xx/34664 (x.x.x.x/34664) to inside:xx.xx.xx.xx/443 (x.x.x.x/443) -1 -1Oct 3 04:54:58 xx.xx.xx.xx %ASA-6-302013: Built outbound TCP connection 39876426 for VTI-Murex-abc:x.x.x.x/443 (xx.xx.xx.xx443) to inside:x.x.x.x./14326 (xx.xxx.xx.xx/14326) 1 5Oct 5 01:54:58 xx.xx.xx.xx %ASA-6-302020: Built inbound ICMP connection for faddr xx.xx.xx.xx/54615 gaddr x.x.x.x/0 laddr x.xx.x.xx/0 type 8 code 0 Internal-Data0/-1:RX[-1]Oct 15 07:54:58 xx.xx.xx.xx%ASA-6-106015: Deny TCP (no connection) from x.x.x.x/38492 to xxx.xx.xx.x/6425 flags ACK  on interface VTI-Murex-abc  

Hi all i am trying to upload few packs into stream leader using files but getting below sample error Error while installing Pack file cribl-cisco-asa-cleanup-1.1.15 (1).crbl in Group: Dev-OP: failed to install: ENOENT: no such file or directory, open '/opt/cribl/state/packs/cribl-cisco-asa-cleanup.LtY1yaM.tmp/data/lookups/asa_drops.csv'. what does this error suggest we have already uploaded few which got uploaded. 

​Hi Team,I’m working on an SNMP trap pipeline where:Input event has fields like trap_name and trap_varbind_apSysMgmtTaskSuspend.I have a Lookup table that maps:trap_name → varbindname → Output_attribute_value.After Lookup, I want to create a new field dynamically:Field name = value of Output_attribute_value (e.g., id)Field value = value from the field referenced by varbindname (e.g., trap_varbind_apSysMgmtTaskSuspend).I tried using Eval with:JavaScript[Output_attribute_value] = get(__payload, varbindname)Show more lines…but got Unallowed assignment operator error.Then I tried a Code function: JavaScriptconst targetField = event.Output_attribute_value;const sourceField = event.varbindname; if (targetField && sourceField && event[sourceField]) {event[targetField] = event[sourceField];}Show more linesBut the new field (id) still doesn’t appear in the final JSON.Questions:Is Code function the right approach for dynamic field names?How can I verify Lookup values before Code

We would like to stream data into RDBMS, but we don’t see the option rdbms destination. How can this be achieved?

HI all  I am trying to create a pipeline where all syslog data will land and i want to filter the events from device i want based on a string in _raw filed like firewall or any other unique string.i have tried _raw.includes(‘Firewall’) or /Firewall/ though when i  check in advanced mode in filter tab it matches the correct event but when i am checking it on a sample log i have built for testing it passes all the events regardless of filter.I know this can be done in routes itself but still would prefer if i could build a pipeline and more function inside it for each sources.