Help with GELF_TCP fields
absolis created
Need some help. I want the fields "$srcip, $srcport, $dstip, $dstport" to be put together in another field called "$netinfo". How do I do it?
My logs
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto trans_id query qclass qclass_name qtype qtype_name rcode rcode_name AA TC RD RA Z answers TTLs rejected
#types time string addr port addr port enum count string count string count string count string bool bool bool bool count vector[string] vector[interval] bool
1482865188.959602 CMyjvLxxxxxxx0MJjb xxx.xx.192.250 3xxx xxx.xxx.162.xxx 53 udp 19626 - - - - - 0 NOERROR F F F F 0 - - F
1482865189.162798 CW1kwxxxxxxxC3Ug0j xxx.xx.192.250 xxxx5 xxx.xxx.xxx.xxx 53 udp 250 r4.sn-a5m7znes.googlevideo.com - - - - 0 NOERROR T F F F 0 xxx.194.xxx.233 1800.000000 F
1482865189.182565 Cir6Sz3xxxxxO60PD6 fe80::xxx:f35c:xxxx:61ad 65535 ff02::1:3 5355 udp 1772 host 1 C_INTERNET 1 A - - F F F F 0 - - F
Nxlog .conf
<Extension csv.dns.log>
    Module      xm_csv
    Fields      $timestamp,$uid,$srcip,$srcport,$dstip,$dstport,$service,$transid,$qresponse,$query,$qclass,$qclassname,$qtype,$qtypename,$rcode,$rcodename,$aa,$tc,$rd,$ra,$z,$answ
    FieldsType  string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string,string
    Delimiter   \t
</Extension>

<Input i.dns.log>
    Module        im_file
    File          "/*PATH*/dns.log"
    ReadFromLast  TRUE
    Exec          csv.dns.log->parse_csv();
</Input>

<Output o.dns.log>
    Module          om_ssl
    Host            192.XXX.X.XXX
    Port            ZZZZ
    OutputType      GELF_TCP
    CAFile          /data/conf/ca.crt
    AllowUntrusted  TRUE
</Output>

<Route r.dns.log>
    Path  i.dns.log => o.dns.log
</Route>
Thank you
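
One way to build $netinfo from the fields named in the post, as an added example that is not part of the original post. It reuses the poster's csv.dns.log extension and instance names unchanged; the space separator, the header-line filter and the AllowUntrusted change are assumptions, as is an NXLog version that accepts the <Exec> block form.

```conf
<Input i.dns.log>
    Module        im_file
    File          "/*PATH*/dns.log"
    ReadFromLast  TRUE
    <Exec>
        # Lines such as "#fields ..." and "#types ..." are log headers,
        # not records, so skip them before CSV parsing.
        if $raw_event =~ /^#/ drop();
        else
        {
            csv.dns.log->parse_csv();
            # All fields are declared as string in FieldsType, so "+"
            # concatenates them. A space is used as the separator because
            # the sample log contains IPv6 addresses, where "ip:port"
            # would be ambiguous. If a field is later typed as integer,
            # wrap it in string() before concatenating.
            $netinfo = $srcip + " " + $srcport + " " + $dstip + " " + $dstport;
        }
    </Exec>
</Input>

<Output o.dns.log>
    Module          om_ssl
    Host            192.XXX.X.XXX
    Port            ZZZZ
    OutputType      GELF_TCP
    CAFile          /data/conf/ca.crt
    # With AllowUntrusted TRUE the connection is accepted without
    # certificate verification. FALSE makes NXLog check the server
    # certificate against CAFile before any DNS records are sent.
    AllowUntrusted  FALSE
</Output>
```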