How can the mappings in CEF be customized according to my requirement? I tried changes in $EXPORTDIR/conf/CefFieldsMapping.xml.
Also I tried changing the target field mapping. But the changes are not reflected even after I restart cp_log_export.
What can be the solution to the problem?
I would suggest asking TAC!
Is there no provision for customization of mapping than at user level?
Is it only possible to map the logs after arriving at third party application?
For example: I was trying to rename the field rt as log_ts, and I need to customize some other fields too.
I tried changes in field mapping within the targets' field mapping. Also I tried changes at the conf CEF field mappings, but to no avail.
@Dan_Zada any comment here?
Any reply here? I am out on a limb here.
It is not that urgent. It's just for educational purposes and interest in Check Point. I can wait, but I am eager to know why it is not working, is all. 😄
Hi @sanchez
My name is Shay and I will try to help you with this case.
A bit of information about Log Exporter files:
Under the log_exporter main directory ($EXPORTERDIR) you will find the conf dir, where all configuration files exist.
These files are the default files and should not be changed at all.
The reason is that these files are copied to every new log exporter instance you create.
Once a new log exporter instance is created, a new dir for this exporter is created under $EXPORTERDIR/targets/<exporter_name>.
For each exporter instance, you can find conf directory where all configuration files are copied to (the default files).
Any change should be done on these files (the relevant files) in this specific scope.
Now to your issue 🙂
You want to change the mapping of your exporter in order to add 3 more fields.
Since you are using CEF format, go to your exporter's conf directory ($EXPORTERDIR/targets/<exporter_name>/conf) and look for the file named CefFieldsMapping.xml.
Back up this file before any changes.
Modify this file by adding the 3 new fields (make sure to add them under the <fields> tag):
<field><origName>src</origName><dstName>cef_src</dstName></field>
<field><origName>rt</origName><dstName>log_ts</dstName></field>
<field><origName>dst</origName><dstName>cef_dst</dstName></field>
I'm not sure about rt, since rt is already the dstName of the time field. In case you need to map it, you should do this using the time field (an example can be seen in the file itself).
After these changes, you need to restart the exporter in order to reload this configuration by running cp_log_export restart name <exporter_name>
Please let me know if you need any additional help.
Regards,
Shay
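
An added example, not part of the original thread and not Check Point code: a Python pre-check for the edit described in the answer above, which flags a requested origName that is really an existing dstName (the rt case) before the per-target file is changed. It assumes only the <fields>/<field>/<origName>/<dstName> structure quoted in the thread; the sample contents, the <mapping> root element and the function name add_mappings are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: only the elements quoted in the thread, plus an assumed
# <mapping> root. The real CefFieldsMapping.xml contains more than this.
SAMPLE = """<mapping>
  <fields>
    <field><origName>time</origName><dstName>rt</dstName></field>
    <field><origName>action</origName><dstName>act</dstName></field>
  </fields>
</mapping>"""


def add_mappings(xml_text, wanted):
    """Add (origName, dstName) pairs under <fields>.

    Returns (new_xml, warnings). A pair that clashes with an existing entry
    is reported and left out, so it can be reviewed by hand.
    """
    root = ET.fromstring(xml_text)
    fields = next(root.iter("fields"))
    by_orig = {f.findtext("origName"): f.findtext("dstName")
               for f in fields.iter("field")}
    by_dst = {dst: orig for orig, dst in by_orig.items()}
    warnings = []
    for orig, dst in wanted:
        if orig in by_orig:
            warnings.append(f"{orig}: already has an entry (dstName {by_orig[orig]})")
        elif orig in by_dst:
            # The rt case from the thread: rt is already the dstName of time.
            warnings.append(f"{orig}: is the dstName of {by_dst[orig]}; map {by_dst[orig]} instead")
        elif dst in by_dst:
            warnings.append(f"{dst}: dstName already used by {by_dst[dst]}")
        else:
            field = ET.SubElement(fields, "field")
            ET.SubElement(field, "origName").text = orig
            ET.SubElement(field, "dstName").text = dst
            by_orig[orig], by_dst[dst] = dst, orig
    return ET.tostring(root, encoding="unicode"), warnings


if __name__ == "__main__":
    # The three mappings proposed in the answer above.
    new_xml, warnings = add_mappings(
        SAMPLE, [("src", "cef_src"), ("rt", "log_ts"), ("dst", "cef_dst")])
    print(new_xml)
    for w in warnings:
        print("WARNING:", w)
```

ElementTree drops XML comments when parsing, so treat the output as a reference for hand-editing the backed-up per-target file rather than as a drop-in replacement.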