syslog-ng props and transforms conf for ingesting ...

Getting Data In

Hi!

I'm trying to ingest metric data from a Virtual Machine Linux box, using syslog-ng and Splunk Universal Forwarder. It's for an application, so on my windows box I'm trying to make the configuration files for transforms and props in /etc/apps/app_name/local directory. It's currently working for another box with rsyslog instead of syslog-ng. For some reason it isn't with syslog-ng.

transforms.conf

[syslog-ng_stats]
INGEST_EVAL = metric_name=Metric

[object_extraction-ng]
DELIMS=";"
FIELDS=Date,Hostname,Object,Id,Instance,Status,Type,Metric
WRITE_META = true

[metric-schema:extract_stats_metrics-ng]
METRIC-SCHEMA-MEASURES-ngstats=Hostname,Object,Id,Instance,Status,Type,Metric

props.conf

[syslog-ng-ctl]
TRANSFORMS-fieldvalue=field_extraction
TRANSFORMS-metricslog=syslog-ng_stats
TRANSFORMS-object=object_extraction-ng
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_stats_metrics-ng

I'm pretty sure these are the issue as to why it isn't working, but I don't know what I've done wrong.

I hope I explained this properly. If you need more information, let me know. I would greatly appreciate some help on this, I'm stuck.

Get Updates on the Splunk Community!

syslog-ng props and transforms conf for ingesting data

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition

Are you a member of the Splunk Community?

syslog-ng props and transforms conf for ingesting data

Splunk Observability Cloud’s AI Assistant in Action Series: Analyzing and ...

Elevate Your Organization with Splunk’s Next Platform Evolution

Splunk Answers Content Calendar, June Edition