I created a regex extractor against a firewall syslog message similar to this string: smtp-proxy[2155]: msg_id="1BFF-000F" Allow rcvd_bytes="7885" sent_bytes="6333". When I search for the msg_id, the expanded message shows smtp_rcvd_bytes: 7885.
The extractor includes the conversion to numeric at the bottom, yet when I bring up the field statistics for smtp_rcvd_bytes I only get the count; all fields except for cardinality show NaN, so I can't graph this value either.
This is what the extractor shows:
Condition
Will only attempt to run if the message includes the string msg_id="1BFF-000F"
Configuration
regex_value: rcvd_bytes="([0-9]+)"
Converters
numeric