Hi,

I have recently started building apps on splunk. I am monitoring a log file on the UF , containing logs from various applications and trying to fetch specific alert logs from a containing "VERITAS-COMMAND-CENTRAL-MIB". Below are the files I have configured for the the requirement. Issue is, the logs are getting tagged to a different source type(snmptrapd) instead of the intended one (st_netbackup) . Both my enterprise and UF are on 7.1.4 version.

inputs.conf

[monitor:///var/log/snmptrapd.log]
disabled = 0
index = acn_backup_netbackup_tier1_idx

index = main

host = XX.XX.XX.XX

System level outputs.con

[tcpout:acn-dev1-route-group]
server = xx.xx.xx.xx:9997

props.conf

[source::/var/log/snmptrapd.log]
description = Netbackup log file
TRANSFORMS-set = removeNETSNMPHeader,removeOther
TRANSFORMS-route = parseNetbackup
SEDCMD-community = s/community (\w+)/community *****/g
BREAK_ONLY_BEFORE = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
TIME_FORMAT = %Y-%m-%d %T
TRANSFORMS-customsourcetype = st_netbackup

transforms.conf

[st_netbackup]
REGEX = (!?)VERITAS-COMMAND-CENTRAL-MIB
DEST_KEY = MetaData:Sourcetype
FORMAT = st_netbackup

[removeNETSNMPHeader]
REGEX =NET-SNMP version*
DEST_KEY = queue
FORMAT = nullQueue

[removeOther]
REGEX = (.)
DEST_KEY = queue
FORMAT = nullQueue

[parseNetbackup]
REGEX = (!?)VERITAS-COMMAND-CENTRAL-MIB
DEST_KEY = _TCP_ROUTING
FORMAT = acn-dev1-route-group

Below is the log format as received on the desired index. It would be great to hear any suggestions here.
2020-01-14 04:15:27 ip-xx.xx.xx.xx.ec2.internal [UDP: [xx.xx.xx.xx]:53318->[xx.xx.xx.xx]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (753481) 2:05:34.81 SNMPv2-MIB::snmpTrapOID.0 = OID: VERITAS-COMMAND-CENTRAL-MIB::ccError VERITAS-COMMAND-CENTRAL-MIB::alertRecipients = STRING: Splunk Dev VERITAS-COMMAND-CENTRAL-MIB::alertSummary = STRING: 27 Clear Connections To Media Server ec2amaz-akg3cqb Lost VERITAS-COMMAND-CENTRAL-MIB::alertDescription = STRING: Lost contact with media server VERITAS-COMMAND-CENTRAL-MIB::policyName = STRING: Lost Contact with Media Server VERITAS-COMMAND-CENTRAL-MIB::objectType = STRING: VERITAS-COMMAND-CENTRAL-MIB::collectorName = STRING: VERITAS-COMMAND-CENTRAL-MIB::ccHost = STRING: EC2AMAZ-AKG3CQB VERITAS-COMMAND-CENTRAL-MIB::sourceId = STRING: EC2AMAZ-AKG3CQB VERITAS-COMMAND-CENTRAL-MIB::ccObject = STRING: VERITAS-COMMAND-CENTRAL-MIB::sampleData = STRING: VERITAS-COMMAND-CENTRAL-MIB::ccAlertSeverity = STRING: Major VERITAS-COMMAND-CENTRAL-MIB::ccAlertTime = STRING: Tue Jan 14 04:15:27 UTC 2020
host =xx.xx.xx.xxsource = /var/log/snmptrapd.logsourcetype = snmptrapd