Integer formatting in syslog standard fields | Voters

Integer formatting in syslog standard fields

in progress

Yuki'la Botsford'la

Currently all fields ingested as strings. Standard syslog fields (ie pri and facility) should be formatted as integers to allow for queries like

where sonicwall.pri < 5

to search for syslogs with a severity of warning and above.

Chris Bisnett

marked this post as

in progress

Chris Bisnett

Yep, you are correct, all of the fields are currently translated into strings. This is something we're working on right now.