Occasional Contributor II

Ingress Events Dictionaries - global field /variable - multi-line log.


I have a problem with counting port 80 instances in a multi-line log.


When CPPM parses a multi-line log incoming in one second, correctly assigns enforcement profiles to newly created events (in my case, it's 3 events when the port 80 will appear in the log line), but unfortunately, it only once executes enforcement profiles for my attribute in which I count the occurrence of port 80.


Is it possible to implement a global field / variable to pass values to the next event?

Below is an example multi-line log incoming in one second:


root:|unknown (80/tcp)|92567|description|
root:|unknown (80/tcp)|92567|description|
root:|unknown (80/tcp)|92567|description|



Search Airheads
Showing results for 
Search instead for 
Did you mean: