Getting Data In

Rename sourcetype for only one app

christopherutz
Path Finder

We are standardizing some sourcetype names and had the idea to provide a "compatibility" app in which users could run searches on the old sourcetypes if needed. To implement this we setup a rename stanza for our sourcetype in the props.conf file for our compatibility app as suggested in this thread http://answers.splunk.com/questions/4940/sourcetype-aliasing.

[new_sourcetype_name]
rename=old_sourcetype_name

It seems that even though the rename is specified within an app it is applied globally. Searches run in the default search app (or other apps we have created) require the use of the renamed sourcetype.

The hope is that searches in all other apps could be performed on sourcetype=new_sourcetype_name but users could search for sourcetype=old_sourcetype_name via the compatibility app.

Chris

Tags (1)
1 Solution

ziegfried
Influencer

Haven't done it before, but try putting the following in the metadata/local.meta in your app directory:

[props]
export = none

View solution in original post

ziegfried
Influencer

Haven't done it before, but try putting the following in the metadata/local.meta in your app directory:

[props]
export = none

Lowell
Super Champion

I think you could further refine this so that you are only blocking the sourcetype rename by changing [props] to [props/new_sourcetype_name/rename], just FYI. This would be helpful if you need other props.conf settings but simply wanted to block the rename itself.

christopherutz
Path Finder

This appears to be the solution. Things are functioning as desired now. Thank you very much!

0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...