If you issue the following command, what do you get for the [linux_secure] stanza?
$SPLUNK_HOME/bin/splunk btool --debug props list | more
Also, I wouldn't set the host name using a transform when you can easily set it in props.conf, or even inputs.conf.
This should work -- unless the system is supplying
TRANSFORMS = syslog-host
which it does for some known sourcetypes. The first command will help you figure that out.
Finally, a very important question: where is your props.conf? What is the location of the file? Configuration file precedence is very important in Splunk; if you understand it, great! But if not, take a look at Configuration File Precedence in the Admin manual.
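Added example, not part of the original answer: a small Python filter for the `btool --debug` output mentioned above, listing every TRANSFORMS setting that applies to one stanza together with the file that supplied it. The sample output, the file paths and the `my_host_override` transform name are constructed for illustration, and the parser assumes file paths contain no whitespace.

```python
# Constructed sample of `btool --debug props list` output: each line is the
# source file path, whitespace, then a stanza header or a merged setting.
SAMPLE = """\
/opt/splunk/etc/system/default/props.conf    [linux_secure]
/opt/splunk/etc/system/default/props.conf    REPORT-syslog = syslog-extractions
/opt/splunk/etc/system/default/props.conf    TRANSFORMS = syslog-host
/opt/splunk/etc/apps/search/local/props.conf TRANSFORMS-sethost = my_host_override
/opt/splunk/etc/system/default/props.conf    [syslog]
/opt/splunk/etc/system/default/props.conf    TRANSFORMS = syslog-host
"""


def settings_for_stanza(btool_output, stanza, key_prefix=""):
    """Return (key, value, source_file) for settings in one stanza.

    Only keys starting with key_prefix are returned, in output order.
    """
    found = []
    current = None
    for line in btool_output.splitlines():
        parts = line.split(None, 1)  # path, then the rest of the line
        if len(parts) != 2:
            continue  # blank or malformed line
        source, rest = parts[0], parts[1].strip()
        if rest.startswith("[") and rest.endswith("]"):
            current = rest[1:-1]  # entering a new stanza
            continue
        if current != stanza or "=" not in rest:
            continue
        key, _, value = rest.partition("=")
        key = key.strip()
        if key.startswith(key_prefix):
            found.append((key, value.strip(), source))
    return found


if __name__ == "__main__":
    for key, value, source in settings_for_stanza(SAMPLE, "linux_secure", "TRANSFORMS"):
        print(f"{key} = {value}    <- {source}")
```

A `TRANSFORMS = syslog-host` line attributed to a file you did not write is the system-supplied setting the answer refers to.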