Hello guys,
in fact, this question is about 2 independent things, but I see interesting
parallels to think about both topics together:
I know, that it je possible to create SEC rules configurations
(correlators), to process:
- "multi-line" logs (means having message separator other than "\n")
hi Andres,
the %user action list variable gets indeed overwritten if multiple
deployments for different services are ongoing simultaneously. However, you
can utilize DEPLOY_STARTED_ context for storing the user name for
the given service (provided that you are not using this context already for
Hello,
I have rule that creates context if software deploy is started. The json
message also consists user variable which I like to pass on to second rule
that do not have this user in the pattern. Tried multiple solutions but
unfortunately I was unable to do that.
* First rule creates context
