I read all the similar topics here in the community but nothing helped for me…
how can I change the value of the default source field? I got some firewalls and FTP-Server, they got the Log-Date in the source field instead of the device name. I want to change that.
in the message field i got the key-value pair devname=blablabla and I would like to have that “blablabla” in general in my source field.
How is the easiest way to implement this? Which extractor should I use and how should it look like?
Thank you so much!