Solved: Re: Overwrite App-default EVAL in props.conf with ...

Mockjin · ‎07-16-2021

Hello *

how can i overwrite the default eval definition for field app in props.conf?

default/props.conf

...
EVAL-app = "Blue Coat ProxySG"
...

I try to overwrite this field with following in local/props.conf

...
FIELDALIAS-app             = x_bluecoat_application_name as app
...

We use a distributed Environment so i changed this in SH and HF app. But no change to the results.

What am i doing wrong?

venkatasri · ‎07-16-2021

Hi @Mockjin

As per precedence EVAL executes after FIELDALIAS hence though you created a alias as 'app' same is being overridden with EVAL-* expression in default/ dir.

Can you try this in local/props.conf and deploy the changes to SH and restart.

EVAL-app = x_bluecoat_application_name

----

An upvote would be appreciated and Accept solution if this reply helps !

View solution in original post

venkatasri · ‎07-16-2021

Hi @Mockjin

As per precedence EVAL executes after FIELDALIAS hence though you created a alias as 'app' same is being overridden with EVAL-* expression in default/ dir.

Can you try this in local/props.conf and deploy the changes to SH and restart.

EVAL-app = x_bluecoat_application_name

----

An upvote would be appreciated and Accept solution if this reply helps !

Mockjin · ‎07-19-2021

Hi @venkatasri ,

your solution worked for me. Thanks 🙂

Overwrite App-default EVAL in props.conf with FieldAlias

field extraction

heavy forwarder

props.conf

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

Tips & Tricks When Using Ingest Actions