Get the host name of a source during sessionize


1 comment

  • Avatar
    Kevin Keech

    a.) What you are using is correct, to escape double quotes you use a backslash. We would need to see an example of both types of log messages along with the query you are attempting to use in order to validate the context of the query and how you are using sessionize.

    b.) There is a "hostname" within the log messages themselves, is this the "host" you are wanting to get? If so you should be able to pull this as part of the sessionize operation or as part of a standard "parse nodrop" operation.



    Comment actions Permalink

Please sign in to leave a comment.