Adding static field with GROK extractor


#1

A bunch of GROK extractors are used on the same input, and I would like to know which extractor has been used for each event. The first thing that came to mind is adding a static field. It could help to identify unused extractors; besides, if such a field is a number, I could use it to generate charts of event cardinality.
Is it somehow possible by using the Grok pattern field or in some other relatively simple way?


(Jochen) #2

If you were using the processing pipeline, your rules could add a static field depending on which rule ran:

With the Grok extractor, that’s not possible.
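A sketch of the pipeline approach described in the reply above, added here as an illustration and not part of the original post. The rule names, the log formats, and the `parser_name` / `parser_id` fields are assumptions, and the standard Grok patterns `WORD`, `USERNAME`, `IP` and `INT` are assumed to be installed:

```graylog
// Added example: each rule applies one Grok pattern and, only when it
// matches, tags the message with a static name and a numeric id.
// Field names and patterns below are hypothetical.

rule "grok sshd accepted login"
when
  has_field("message") &&
  grok(pattern: "Accepted %{WORD:auth_method} for %{USERNAME:user} from %{IP:src_ip}",
       value: to_string($message.message),
       only_named_captures: true).matches == true
then
  let m = grok(pattern: "Accepted %{WORD:auth_method} for %{USERNAME:user} from %{IP:src_ip}",
               value: to_string($message.message),
               only_named_captures: true);
  set_fields(m);                              // extracted fields
  set_field("parser_name", "sshd_accepted");  // static tag: which rule parsed it
  set_field("parser_id", 1);                  // numeric tag, usable in charts
end

rule "grok sshd failed login"
when
  has_field("message") &&
  grok(pattern: "Failed %{WORD:auth_method} for %{USERNAME:user} from %{IP:src_ip} port %{INT:src_port}",
       value: to_string($message.message),
       only_named_captures: true).matches == true
then
  let m = grok(pattern: "Failed %{WORD:auth_method} for %{USERNAME:user} from %{IP:src_ip} port %{INT:src_port}",
               value: to_string($message.message),
               only_named_captures: true);
  set_fields(m);
  set_field("parser_name", "sshd_failed");
  set_field("parser_id", 2);
end
```

Each rule is saved separately and added to a pipeline stage connected to the stream that carries the input. Messages without `parser_name` matched no rule, and a `parser_id` value that never appears in a search points to an unused pattern.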

