Hi there,
im sending my DNS logs into graylog and that is working as expected. What would be the best way to convert the below:
(3)www(8)linkedin(3)com(0)" so that it appears in a new field with www.lilnkedin.com for example.
Would it be a pipeline rule and if so what sort of syntax would i be looking for? i need to be able to normalise these as im also receiving DNS queries from another source so need to be able to correlate them easily enough
Thanks