Extractor with "Cut" Doesn't seem to be cutting

Installed the reighnman “Windows DNS Content Pack” today. I’m using the “Sidecar method” because I had issues getting nxlog to play ball. It works well so far.

What doesn’t seem to be working though is the Extractor that replaces the parenthesized numbers with a period.

When I go to Inputs->Mange Extractors->Edit and click “Try”, it’s working. For example, (3)fun(3)net(0) is converted to .fun.net. (I could do without the leading and trailing dots, but that’s another day). It is set to “Cut” instead of “Copy” and the way I understand things, it should replace the Name field with the version with periods instead of the parentheses.

But, when I look at the Messages in Search, it shows the Name with the parentheses.

Am I looking at this wrong, or is there something I’m just missing?

Here is the Extractor Test:

Example message1116×662 34.6 KB

Here is a snip of the Search result showing the Name field.

Thanks,
Kevin

For the sake of someone stumbling across this with the same “problem”. I figured it out this morning.

The order of the extractor rules were backwards. The rule that extracted the “Name” field was after the one that converted the parenthesized Name into the dotted Name.

Now, I’m back to trying to remove the leading and trailing dots from that name…

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.