In Management area under Event Forwarding, I am trying to forward specific events by using the filter in the edit destination area. If I add something like (text matches) "security" "error" etc, I can test it with "Run in Interactive Analytics" and get loads of events. But when i hit save, it does not send any data and has a state of idle. I have let it sit this way for some time and nothing is being sent.
Also, if I remove the filter, it starts sending everything just fine, just too much...
Am I missing something here?
Tim
They are allowed with the matches operator, they are not allowed with the contains operator change like I suggested and save on Event Forwarding and it will work -- I have a blog post on this planned for next week. Note you will NOT be able to test on IA given matches changes to contains -- if you want to test then after making it back to IA, change "contains" to "matches regex". I hope this helps!
This issue is that the "matches" operator works differently from the "contains" operator. For matches it must match EXACTLY. Try adding *security*, *error*, etc and it should work. I will have a blog post on this soon.
no-go ('*' and '?' are not allowed as the first characters of a search term (text* and te*t are allowed, but *text is not) Plus it auto fills the words for me as i type due to what it can see in the events.
It doesn't mater what I chose, ALL forwarding immediately stops when any filter is applied. Remove filter and it floods the syslog servers...
Looks like a bug to me, but I have a support call in and will see what they discover.
They are allowed with the matches operator, they are not allowed with the contains operator change like I suggested and save on Event Forwarding and it will work -- I have a blog post on this planned for next week. Note you will NOT be able to test on IA given matches changes to contains -- if you want to test then after making it back to IA, change "contains" to "matches regex". I hope this helps!
Ahhh, now I see why... Thank you for the help, little bit of a puzzle, but once you see it, it comes together...