×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
manuelmosca
New Member
Member since: ‎03-17-2023
‎12-05-2023
Community Statistics
Posts 3
Solutions 0
Karma Given 0
Karma Received 0
Member Since ‎03-17-2023
Activity Feed
View All

Re: Transform sourcetype not works

by in Getting Data In
‎03-22-2023 05:45 AM
‎03-22-2023 05:45 AM
strange but true, now the config works... I've not changed anything   Thanks ... View more

Re: Transform sourcetype not works

by in Getting Data In
‎03-19-2023 10:43 PM
‎03-19-2023 10:43 PM
Yes is a typo, I forgot the s... I'm not understanding why it not works, from splunk documentation and you comment the parameters are rights ... View more

Why doesn't my Transform sourcetype work?

by in Getting Data In
‎03-17-2023 03:12 AM
‎03-17-2023 03:12 AM
Hi, I'm tring to change the sourcetype of all data of a specific source in props.conf [source::/var/log/messages] TRANSFORMS-change_sourcetype = syslog_sourcetype_change in transform.conf [syslog_sourcetype_change] SOURCE_KEY = MetaData:Sourcetype REGEX = .* FORMAT = sourcetype::syslog:nix DEST_KEY = MetaData:Sourcetype I checked the running config via btool and the stanzas are correctly configured on my heavy forwarder but it not works, the logs remain into syslog sourcetype Thanks in advance ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎12-05-2023 06:00 AM