...ce_ix_vmware] SOURCE_KEY = MetaData:Sourcetype REGEX = ^sourcetype::(?i)vmw-syslog$ DEST_KEY = _MetaData:Index FORMAT = vmware-esxilog So far, so good. This rewrite app does its job. The data now has i...
...oday its a big mess and I need help to sort they inn to different indexes and not just a big syslog iindex.
As example. We have four types of system (have many more)
Cisco switch
Cisco routers
VmWare...