what is _meta in DEST_KEY field in transforms.conf...

dtk · ‎12-25-2018

i made whole transforms.conf and prop.conf for a data in splunk and analyse FORMAT in transform.conf with $0 and without it but nothing changes had reflected

markusspitzli · ‎02-22-2019

According the transforms.conf documentation:
_meta : A space-separated list of metadata for an event.

Honestly I dont get your question, but I advice you to visit the documentation for transforms.conf. It has a lot of examples, which can help you. If not feel free to clarify your question.

richgalloway · ‎12-25-2018

Please share your transforms.conf and props.conf settings.

---
If this reply helps you, Karma would be appreciated.

what is _meta in DEST_KEY field in transforms.conf and what it does and where it reflects and when we are writing _meta in DEST_KEY filed then we have to write $0 at start in FORMAT so what it means and why we have to do so?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Are you a member of the Splunk Community?

what is _meta in DEST_KEY field in transforms.conf and what it does and where it reflects and when we are writing _meta in DEST_KEY filed then we have to write $0 at start in FORMAT so what it means and why we have to do so?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem