I have a syslog server and installed an HF.
When I send logs from the HF to the indexer, the host is represented based on the event host.
Can we extract a new field for the HF hostname?
Hi @bambarit
Yes, you can change the name of the host. Also, you can extract new fields from the HF.
Can we just use a transform from the indexer?
You can modify the host value, and you can have extra meta fields to hold information about the HF if you wish.
Do you mean the host value in the forwarder inputs?
Yes, you can change it on the forwarder before you send logs to the indexer.
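
An added configuration example (not written by any poster in this thread) of the approach discussed above: tagging events on the heavy forwarder with an extra indexed field that records the HF's name. The field name `hf_host`, the value `hf01`, the UDP 514 input and the `syslog` sourcetype are assumptions made for illustration.

```ini
# --- inputs.conf on the heavy forwarder ---
# Assumed syslog input; adjust the stanza to the input actually in use.
[udp://514]
sourcetype = syslog
# Leave the event's own host value alone and add an indexed field
# naming this HF. hf_host and hf01 are placeholder names for this example.
_meta = hf_host::hf01

# --- Alternative: props.conf + transforms.conf on the heavy forwarder ---
# Use this form to add the field per sourcetype instead of per input.

# props.conf
[syslog]
TRANSFORMS-add_hf_host = add_hf_host

# transforms.conf
[add_hf_host]
# Match every event of the sourcetype.
REGEX = .
# Write the key::value pair into the event's indexed metadata.
FORMAT = hf_host::hf01
WRITE_META = true

# --- fields.conf on the search head ---
# Declare hf_host as an indexed field so searches on it resolve correctly.
[hf_host]
INDEXED = true
```

With this in place, `host` keeps the original event host while `hf_host` records which forwarder relayed the event, which keeps the relay path visible when tracing where a log line entered the pipeline.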