Hi, maybe this has been asked before but is it somehow possible to create something like a lookup table that can be used in a query?
Reason I’m asking is I’m querying an HAProxy syslog for 401’s but I need to exclude a long list of test related IP’s. Instead of hardcoding all the IP’s in the query maybe it is possible to use a variable to something similar.
Gr,
L
I would mark the messages that are test related in the processing that you are able to just say that the field “non_test” exists - or other way around.
That would make the query easier and faster.
Hi Jan,
Thanks for your suggestion, it does seem that tagging the messages early in the input chain would be the best option.
Thanks!
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
