Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Ask a Question

what is _meta in DEST_KEY field in transforms.conf and what it does and where it reflects and when we are writing _meta in DEST_KEY filed then we have to write $0 at start in FORMAT so what it means and why we have to do so?

dtk
Engager
โ€Ž12-25-2018 12:38 AM

i made whole transforms.conf and prop.conf for a data in splunk and analyse FORMAT in transform.conf with $0 and without it but nothing changes had reflected

Reply

markusspitzli
Communicator
โ€Ž02-22-2019 12:04 AM

According the transforms.conf documentation:
_meta : A space-separated list of metadata for an event.

Honestly I dont get your question, but I advice you to visit the documentation for transforms.conf. It has a lot of examples, which can help you. If not feel free to clarify your question.

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
โ€Ž12-25-2018 08:36 AM

Please share your transforms.conf and props.conf settings.

---
If this reply helps you, an upvote would be appreciated.
0 Karma
Reply