# Check whether the two username fields are the same. If they are, merge them
# into samba_user and remove the old fields; if they are not, tag the event "alert".
if [user_session] and [user_service] and [user_session] != [user_service] {
  mutate {
    add_tag => [ "alert" ]
  }
}
# Only merge when user_session exists; otherwise samba_user would be set to the
# literal string "%{user_session}".
else if [user_session] {
  mutate {
    add_field => { "samba_user" => "%{user_session}" }
    remove_field => [ "user_session", "user_service" ]
  }
}