I am using Splunk to receive syslog (udp:514) messages from an ACS server.
I want to replace some fields in the received messages with desired words:
"Client IP Address" with "Device"
"Unauthenticated" with "Failed to Authenticate", etc.
Can somebody please tell me how I can do that,
with the necessary examples?
Parameters used are: index - acs_db, source type - cisco:acs
I'm assuming these are fields that have been extracted from the messages in the raw data. Have you tried utilising "Field Aliases"?