About RyanH

RyanH · ‎11-29-2021

Hello, I'm using the HF because I want to filter the results that I send to each "Server", this allows me to collect all the Syslog and only index the messages I'm looking for. So: All Syslog -> (Regex match ) -> ServerA (My Splunk Server) All Syslog -> (Regex match ) -> ServerB (third party syslog server) The HF seems to be able to do it, I just seem to be missing how to match two different regex's and send the results too the different servers. Any help would be great, Ryan

RyanH · ‎11-24-2021

Hello, I have been trying to get a Splunk config to work for a while, and have come here for help! I'm out of ideas. I have Network Syslog from many different sources all being sent to a Heavy Forwarder. My hope is to get the syslog matched against two different regex's and have the matched data sent to two different locations. My Configs: props [host::*] TRANSFORMS-SYSLOG = send_to_serverA, send_to_serverB transforms [send_to_serverA] regex = "regex goes here" DEST_KEY = _SYSLOG_ROUTING FORMAT = serverA [send_to_serverB] regex = "regex goes here" DEST_KEY = _SYSLOG_ROUTING FORMAT = serverB outputs [syslog:serverA_group] server = x.x.x.1:514,x.x.x.2:514 [syslog:serverB_group] server = x.x.1.1:514,x.x.1.2:514 This is currently not working and it seems to have something to do with the DEST_KEY = _SYSLOG_ROUTING. I get some very strange results. Can any one point out where I have gone wrong? If this can be done? Regards, Ryan

Posts	2
Solutions	0
Karma Given	0
Karma Received	0
Member Since	‎11-24-2021

Online Status	Offline
Date Last Visited	‎08-08-2022 10:05 AM

Syslog -> 2 different Regex -> different destinati...

Re: Syslog -> 2 different Regex -> different desti...

Syslog -> 2 different Regex -> different destinati...