Getting Data In
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

syslog-ng props and transforms conf for ingesting data

chrisratliff95
New Member
‎12-17-2019 02:28 PM

Hi!

I'm trying to ingest metric data from a Virtual Machine Linux box, using syslog-ng and Splunk Universal Forwarder. It's for an application, so on my windows box I'm trying to make the configuration files for transforms and props in /etc/apps/app_name/local directory. It's currently working for another box with rsyslog instead of syslog-ng. For some reason it isn't with syslog-ng.

transforms.conf

[syslog-ng_stats]
INGEST_EVAL = metric_name=Metric

[object_extraction-ng]
DELIMS=";"
FIELDS=Date,Hostname,Object,Id,Instance,Status,Type,Metric
WRITE_META = true

[metric-schema:extract_stats_metrics-ng]
METRIC-SCHEMA-MEASURES-ngstats=Hostname,Object,Id,Instance,Status,Type,Metric

props.conf

[syslog-ng-ctl]
TRANSFORMS-fieldvalue=field_extraction
TRANSFORMS-metricslog=syslog-ng_stats
TRANSFORMS-object=object_extraction-ng
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_stats_metrics-ng

I'm pretty sure these are the issue as to why it isn't working, but I don't know what I've done wrong.

I hope I explained this properly. If you need more information, let me know. I would greatly appreciate some help on this, I'm stuck.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Get Updates on the Splunk Community!

Tech Talk Recap | Mastering Threat Hunting

Mastering Threat HuntingDive into the world of threat hunting, exploring the key differences between ...

Observability for AI Applications: Troubleshooting Latency

If you’re working with proprietary company data, you’re probably going to have a locally hosted LLM or many ...

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In the age of AI, every tool promises to make our lives easier. From summarizing content to writing code, ...