Hi all,
We are sending logs to our logs receiver from Zscaler proxy. Most of the field names are appearing correctly, except a few of them.
For example, dst=%s{sip} is correctly mapped and the IP address appears in the titled field.
But cn1=%d{riskscore} cn1Label=riskscore, these 2 should have been like riskscore=%d{riskscore}
I tried changing this mapping in the logging format, but then the value of cn1 goes blank. Currently the logging is creating 2 fields in the destination logging server, where one field contains only riskscore and the other field contains the value of riskscore. I want the value of riskscore to come in the field of riskscore.
Can someone please explain how to do it correctly?
Thanks in advance
kriss
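An added example, not part of the original post: a receiver-side normalization step that folds each labelled pair such as cn1/cn1Label into a single field named by the label, leaving the proxy's feed format untouched. It assumes the feed follows the CEF custom-field convention in which cn1Label names the value carried in cn1; the function names and the sample line are constructed for illustration.

```python
import re

# One key=value pair of a CEF-style extension. A value runs until the next
# " key=" or the end of the line and may contain the escapes \= and \\.
_PAIR = re.compile(r'(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)')


def parse_extension(ext):
    # Split "k1=v1 k2=v2 ..." into a dict and undo the two escapes.
    return {key: re.sub(r'\\([=\\])', r'\1', value)
            for key, value in _PAIR.findall(ext)}


def fold_labels(fields):
    # Rename every <key> that has a companion <key>Label to the label text.
    out = {}
    for key, value in fields.items():
        if key.endswith("Label") and key[:-5] in fields:
            continue  # the label key is consumed by its value key
        label = fields.get(key + "Label", "").strip()
        if label and label not in fields:
            out[label] = value
        else:
            out[key] = value
            if label:
                # Label would overwrite a native field: keep the pair as sent.
                out[key + "Label"] = label
    return out


def normalize(ext):
    return fold_labels(parse_extension(ext))


# Constructed sample extension (values are not from a real log).
SAMPLE = ("dst=192.0.2.10 cn1=75 cn1Label=riskscore "
          "cs2=General Browsing cs2Label=urlcat")

if __name__ == "__main__":
    print(normalize(SAMPLE))
```
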