cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
gaubor
New Member
Member since: ‎07-22-2016
‎06-05-2020
Community Statistics
Posts 1
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎07-22-2016
Topics I've Started
No posts to display.
View All

Re: Splunk App for VMware 3.2.2: Why am I unable t...

by in All Apps and Add-ons
‎11-18-2017 09:45 AM
‎11-18-2017 09:45 AM
Hi, we have upgraded vmware app to 3.4.0 and vmware is on 6.5.. we are forwarding vCenter logs to a HF which has Splunk_TA_vCenter, and we did make sure to change the inputs monitor path accordingly, but the regex in props and transforms is not extracting the sourcetype... #our custom inputs on HF inputs.conf [monitor:///var/log/vmware_hosts/vcenter-*.myorg/messages*] disabled = 0 sourcetype = vclog host_segment = 4 index = vmware-vclog #props and transforms are from Splunk_TA_vCenter props.conf [vclog] SHOULD_LINEMERGE = false TRANSFORMS-vmwvclogsourcetype = set_vclog_sourcetype transforms.conf #Sourcetype Extraction [set_vclog_sourcetype] REGEX = ^([a-z\-]+) DEST_KEY = MetaData:Sourcetype FORMAT = sourcetype::vmware:vclog:$1 ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM