Solved: Re: syslog host transform base on event

bambarit · ‎11-18-2020

I have syslog server and installed HF,

when send logs from HF to indexer, the host is represent base on Event host,

can we extract new field for HF hostname?

thambisetty · ‎11-22-2020

yes you can change on forwarder before you send logs to Indexer.

————————————
If this helps, give a like below.

vikramyadav · ‎11-22-2020

Yes you can change the name of host. Also you can extract new fields from HF.

-----------------------------------------

If this helps your like will be appreciated 🙂

bambarit · ‎11-22-2020

can we just use transform from indexer?

thambisetty · ‎11-18-2020

You can modify host value and you can have extra meta fields to hold information of hf if you wish to.

————————————
If this helps, give a like below.

bambarit · ‎11-22-2020

do you mean host value in forwarder inputs?

thambisetty · ‎11-22-2020

yes you can change on forwarder before you send logs to Indexer.

————————————
If this helps, give a like below.

syslog host transform base on event