Does the apache parser drop data in a search?

Comments

1 comment

  • Avatar
    Kevin

    In your example the only messages that will return are the messages that fit the default Apache log format. Messages must match at least one segment of the supplied parse expression otherwise they are dropped from the results. Adding the "nodrop" option forces results to also include messages that do not match any segment of the parse term.

    Ex. | parse using public/apache nodrop

    https://service.sumologic.com/ui/help/Default.htm#Parse_nodrop_Option.htm

    0
    Comment actions Permalink

Please sign in to leave a comment.