In raw there is a field called origin="123456"
I want to extract this from the events
how can I do this?
Question
Extract Fields from raw
There are many ways. Easiest may be the Parser function. You could also use the Regex Extract function, or an Eval function with a regex pattern match inside it.
I'd highly recommend you visit sandbox.cribl.io and Cribl University to begin your Cribl journey.
I have used Regex Extract to do this example -
I have a event-
raw: origin=123.123.123.123
host: 233.233.233.233
I want to make those fields host = origin, with the help of regex I extracted both origin and host which function will allow me to do this next.
host = orgin
You can use Rename to rename origin to host, or you can use Eval to set host = origin
Sign up
Already have an account? Login
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.