Update transforms.conf

package/default/transforms.conf

@@ -9,10 +9,11 @@
 # GENERAL
 #
 
-[swift_agi_remove_comments]
-REGEX = ^#.*
-DEST_KEY = queue
-FORMAT = nullQueue
+# Uncomment to remove all comments from the log
+# [swift_agi_remove_comments]
+# REGEX = ^#.*
+# DEST_KEY = queue
+# FORMAT = nullQueue
 
 
 #
@@ -34,7 +35,7 @@ REGEX = MsgId=(?<msg_id>[^,]+), PrimitiveType=(?<primitive_type>[^,]+), Sender=(
 # base
 
 [swift_agi_activity_basefields]
-REGEX = ^(?<activity_time>[^\|]+)\|(?<container_id>[^\|]+)\|(?<micro_service>[^\|]+)\|(?<process_id>[^\|]+)\|(?<activity>[A-Z-]+)
+REGEX = ^(?<activity_time>[^\|]+)\|(?<micro_service>[^\|]+)\|(?<field1>[^\|]+)\|(?<process_id>[^\|]+)\|(?<activity>[A-Z-]+)
 
 
 # mq-connector
@@ -206,8 +207,7 @@ REGEX = (?<activity_time>[^\|]+)\|(?<container_id>[^\|]+)\|(?<micro_service>[^\|
 # SWIFT AGI Events
 #
 [swift_agi_event_basefields]
-REGEX = (?<activity_time_utc>[^\|]+)\|(?<activity_time>[^\|]+)\|(?<agi_id>[^\|]+)\|(?<product_version>[^\|]+)\|(?<severity>Low|Medium|High|Very-High)\|(?<component>[^\|]+)\|(?<category>[^\|]+)\|
-# CEF:0\|(?<vendor>[^\|]+)\|(?<product>[^\|]+)\|(?<component>[^\|]+)\|(?<event>[^\|]+)\|
+REGEX = (?<activity_time_utc>[^\|]+)\|(?<activity_time>[^\|]+)\|(?<agi_id>[^\|]+)\|(?<product_version>[^\|]+)\|(?<severity>Low|Medium|High|Very-High)\|(?<component>[^\|]+)\|(?<category>[^\|]+)\|(?<event>[^\|]+)\|(?<message>[^\|]+)\|(?<micro_service>[^\|]+)\|(?<src_ip>[^\|]+)
 
 [swift_agi_event_basefields_cef]
 REGEX = CEF:0\|(?<vendor>[^\|]+)\|(?<product>[^\|]+)\|(?<product_version>[^\|]+)\|(?<component>[^\|]+)\|(?<event>[^\|]+)\|(?<severity>Low|Medium|High|Very-High)\|