Hi,
I am using Splunk to receive syslog (udp:514) messages from an ACS server.
I want to replace some fields in the received messages with desired words,
like
"Client IP Address" with "Device"
"Unauthenticated" with "Failed to Authenticate" etc.
Can somebody please tell me how I can do that,
with the necessary examples?
Parameters used are: index - acs_db, source type - cisco:acs
Hi There,
I'm assuming these are fields that have been extracted from the messages in the raw data. Have you tried utilising "Field Aliases"?
http://docs.splunk.com/Documentation/Splunk/6.5.3/Knowledge/Addaliasestofields
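A props.conf sketch of the field-alias approach suggested above, for the `cisco:acs` source type from the question. This is an added example, not part of the original posts; the extracted field names (`Client IP Address`, `status`) and the new names (`Device`, `auth_result`) are assumptions to be adjusted to what the events actually contain.

```ini
# props.conf on the search head. These are search-time settings, so the
# indexed raw event keeps the original ACS wording for later review.
[cisco:acs]

# Field alias: make the existing field available under a second name.
# Assumption: the field is extracted under exactly the name
# "Client IP Address"; confirm the real name in the fields sidebar.
FIELDALIAS-acs_device = "Client IP Address" AS Device

# Calculated field: an alias only renames a field, it does not change
# values. To show a different value, derive a new field with eval.
# Assumption: "Unauthenticated" is the value of a field named "status"
# (hypothetical name).
EVAL-auth_result = replace(status, "^Unauthenticated$", "Failed to Authenticate")

# Index-time alternative (set on the indexer or heavy forwarder instead):
# SEDCMD rewrites the event text before it is written to the index, so
# the original wording is not retained. Left commented out here.
# SEDCMD-acs_device = s/Client IP Address/Device/g
# SEDCMD-acs_unauth = s/Unauthenticated/Failed to Authenticate/g
```

With the search-time settings in place, a search such as `index=acs_db sourcetype=cisco:acs | table Device auth_result` shows the new names alongside the untouched original fields.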