I have the following transforms.conf actual configuration (with various User in the regex):
DEST_KEY = queue
FORMAT = indexQueue
REGEX = (?i)(Account name:\s+User1)|(Account Name:\sUser2)|(……)
Let suppose that FORMAT contains the $1, $2, $3, $n... as the various Users.
I need to update the $SPLUNK_HOME\eta\apps\<my app>\local\transforms.conf
with the curl command as the following, but I do not find the RESt POST method correctly in the docs (http://docs.splunk.com/Documentation/Splunk/6.5.2/RESTREF/RESTconf). I do not understand what to put instead of property and values
curl -k -u <user>:<passwd> https://<ip_server>:8089/servicesNS/nobody/<my app>/properties/transforms/<admin filter> -d <property>=<value>
Any suggestions how to achieve this?
... View more