Hi!
I'm trying to ingest metric data from a Virtual Machine Linux box, using syslog-ng and Splunk Universal Forwarder. It's for an application, so on my Windows box I'm trying to make the configuration files for transforms and props in the /etc/apps/app_name/local directory. It's currently working for another box with rsyslog instead of syslog-ng. For some reason it isn't with syslog-ng.
transforms.conf:
[syslog-ng_stats]
INGEST_EVAL = metric_name=Metric
[object_extraction-ng]
DELIMS=";"
FIELDS=Date,Hostname,Object,Id,Instance,Status,Type,Metric
WRITE_META = true
[metric-schema:extract_stats_metrics-ng]
METRIC-SCHEMA-MEASURES-ngstats=Hostname,Object,Id,Instance,Status,Type,Metric
props.conf:
[syslog-ng-ctl]
TRANSFORMS-fieldvalue=field_extraction
TRANSFORMS-metricslog=syslog-ng_stats
TRANSFORMS-object=object_extraction-ng
METRIC-SCHEMA-TRANSFORMS=metric-schema:extract_stats_metrics-ng
I'm pretty sure these are the issue as to why it isn't working, but I don't know what I've done wrong.
I hope I explained this properly. If you need more information, let me know. I would greatly appreciate some help on this; I'm stuck.