Hi all. Having an issue with hostname override for snmp logs. An issue I’m having is i created this props and transforms to get the agent_hostname from the logs to override the host (syslog011) for these snmp trap logs but it doesn’t seem to have worked. Not sure what the mistake is herE.
TRANSFORMS.CONF
[snmptrapd_kv]
DELIMS - "\n," ="
[snmp_hostname_change]
DEST_KEY-MetaData: : Host
REGEX-Agent_Hostname = (•*)
FORMAT-host:: $1
PROPS.CONF
[snmptrapd]
disabled = false
LINE BREAKER = ([\r\n]+) Agent_ Address\s=
MAX TIMESTAMP LOOKAHEAD = 30
NO_BINARY_CHECK - true
SHOULD LINEMERGE = false
TIME
_FORMAT = SY-8m-%d 8H:&M: :S
TIME
_PREFIX = Datels=\s
EXTRACT-node = ^[^\[\n]*\[(?P<node>[^\]]+)
REPORT-snmptrapd = snmptrapd_kv
TRANSFORMS-snmp_hostname_change = snmp_hostname_change
