In transforms.conf, I have a transform defined like this:
[mytransform-fromlist]
REGEX = from=(?<fromlist>\w+)
I want to extract an additional field from the fromlist. I'm trying to do this in props.conf with something like this:
REPORT-fromlist = mytransform-fromlist
EXTRACT-from = (?<from>.*) in fromlist
Note that the trivial from regex is just for testing so that I can assure that the from field will show up in the search results.
When I run this search, I do see the fromlist field, but not the from field. I figure that somehow the fromlist is not available to EXTRACT-from at search time. But I can't find any documentation on this.
I also tried using a transform to extract the from field by adding this to transforms.conf:
[mytransform-from]
REGEX = (?<from>.*)
SOURCE_KEY = fromlist
...and a corresponding REPORT in props.conf like this:
REPORT-from = mytransform-from
Help!