Remove set of index in code in favor of configutation only

package/etc/conf.d/conflib/_splunk/splunkfields.conf.tmpl

@@ -36,12 +36,10 @@ rewrite r_set_splunk_default {
 #used by each log-path to set index and sourcetype which may be
 #overridden by user defined values
 block rewrite r_set_splunk_dest_default(
-                              index()
                               source("${.splunk.source}")
                               sourcetype()
                               template(`splunk-template`)
                            ) {
-      set("`index`", value(".splunk.index"));
       set("`source`", value(".splunk.source"));
       set("`sourcetype`", value(".splunk.sourcetype"));
 };

package/etc/conf.d/local/config/log_paths/lp-example.conf.tmpl

@@ -53,7 +53,7 @@ log {
 
     rewrite {
         set("local_example", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("sc4s:local_example"), index("main"));
+        r_set_splunk_dest_default(sourcetype("sc4s:local_example"));
     };
 
 # using the key "local_example" find any customized index,source or sourcetype meta values

package/etc/conf.d/log_paths/lp-bbb-ietf_syslog.conf.tmpl

@@ -13,7 +13,7 @@ log {
         set("IETF_SYSLOG", value("fields.sc4s_vendor_product"));
     };
 
-    rewrite { r_set_splunk_dest_default(sourcetype("ietf:syslog"), index("main"), source("${APP}:${PROGRAM}")) };
+    rewrite { r_set_splunk_dest_default(sourcetype("ietf:syslog"),  source("${APP}:${PROGRAM}")) };
     parser { p_add_context_splunk(key("IETF_SYSLOG")); };
     parser (compliance_meta_by_source);
     rewrite { set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG")); };

package/etc/conf.d/log_paths/lp-brocade.conf.tmpl

@@ -27,7 +27,7 @@ log {
         subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));
         set("${PROGRAM}", value(".PROGRAM"));
         subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-        r_set_splunk_dest_default(sourcetype("brocade:syslog"), index("netops"), source("program:${.PROGRAM}"))
+        r_set_splunk_dest_default(sourcetype("brocade:syslog"),  source("program:${.PROGRAM}"))
     };
     parser { p_add_context_splunk(key("brocade_syslog")); };
 

package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl

@@ -45,7 +45,7 @@ log {
            set("${.kv.hostname}", value("HOST"));
            set("${.kv.hostname}", value("fields.cp_lm"));
            set("checkpoint_splunk", value("fields.sc4s_vendor_product"));
-           r_set_splunk_dest_default(sourcetype("cp_log"), index("netops"))
+           r_set_splunk_dest_default(sourcetype("cp_log"))
         };
 
         if {
@@ -89,31 +89,31 @@ log {
 
             if  {
                 filter(f_checkpoint_splunk_NetworkTraffic);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("firewall"), index("netfw"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("firewall"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_firewall")); };
             } elif  {
                 filter(f_checkpoint_splunk_Web);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("web"), index("netproxy"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("web"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_web")); };
             } elif  {
                 filter(f_checkpoint_splunk_NetworkSessions);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("sessions"), index("netops"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("sessions"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_sessions")); };
             } elif  {
                 filter(f_checkpoint_splunk_IDS_Malware);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("ids_malware"), index("netids"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("ids_malware"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_ids")); };
             } elif  {
                 filter(f_checkpoint_splunk_IDS);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("ids"), index("netids"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("ids"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_ids")); };
             } elif  {
                 filter(f_checkpoint_splunk_email);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("email"), index("email"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("email"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_email")); };
             } elif  {
                 filter(f_checkpoint_splunk_DLP);
-                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("firewall"), index("netdlp"))};
+                rewrite { r_set_splunk_dest_default(sourcetype("cp_log"), source("firewall"))};
                 parser {p_add_context_splunk(key("checkpoint_splunk_dlp")); };
             } elif {
                 filter(f_checkpoint_splunk_syslog);
@@ -130,7 +130,7 @@ log {
                         set("${PROGRAM}", value(".PROGRAM"));
                         subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
                     };
-                rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"), index("netops"), source("program:${.PROGRAM}")) };
+                rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}")) };
                 parser { p_add_context_splunk(key("checkpoint_os")); };                
 
             };
@@ -163,7 +163,7 @@ log {
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
         };
-        rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"), index("netops"), source("program:${.PROGRAM}")) };
+        rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}")) };
         parser { p_add_context_splunk(key("checkpoint_os")); };
 
         parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_acs.conf.tmpl

@@ -86,7 +86,7 @@ log {
         parser(acs_event_time);
         rewrite {
             set("cisco_acs", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:acs"), index("netauth"))
+            r_set_splunk_dest_default(sourcetype("cisco:acs"))
         };
 
         parser {p_add_context_splunk(key("cisco_acs")); };

package/etc/conf.d/log_paths/lp-cisco_apic.conf.tmpl

@@ -29,14 +29,14 @@ log {
         };
         rewrite {
             set("cisco_APIC_acl", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:apic:acl"), index("netfw"), template("t_hdr_msg"))
+            r_set_splunk_dest_default(sourcetype("cisco:apic:acl"),  template("t_hdr_msg"))
         };
         parser { p_add_context_splunk(key("cisco_apic_acl")); };
 
     } elif {
         rewrite {
             set("cisco_APIC_events", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:apic:events"), index("netops"), template("t_hdr_msg"))
+            r_set_splunk_dest_default(sourcetype("cisco:apic:events"),  template("t_hdr_msg"))
         };
         parser { p_add_context_splunk(key("cisco_apic_events")); };
     };

package/etc/conf.d/log_paths/lp-cisco_asa.conf.tmpl

@@ -28,7 +28,7 @@ log {
         };
         rewrite {
             set("cisco_ftd", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:firepower:syslog"), index("netfw"))
+            r_set_splunk_dest_default(sourcetype("cisco:firepower:syslog"))
         };
         parser {p_add_context_splunk(key("cisco_ftd")); };
         parser (compliance_meta_by_source);
@@ -37,7 +37,7 @@ log {
     } else {
         rewrite {
             set("cisco_asa", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:asa"), index("netfw"))
+            r_set_splunk_dest_default(sourcetype("cisco:asa"))
         };
         parser {p_add_context_splunk(key("cisco_asa")); };
         parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_asa_legacy.conf.tmpl

@@ -23,7 +23,7 @@ log {
 
     rewrite {
         set("cisco_asa", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("cisco:asa"), index("netfw"))
+        r_set_splunk_dest_default(sourcetype("cisco:asa"))
     };
     parser {p_add_context_splunk(key("cisco_asa")); };
     parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_ise.conf.tmpl

@@ -86,7 +86,7 @@ log {
         parser(ise_event_time);
         rewrite {
             set("cisco_ise", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("cisco:ise:syslog"), index("netauth"))
+            r_set_splunk_dest_default(sourcetype("cisco:ise:syslog"))
         };
 
         parser {p_add_context_splunk(key("cisco_ise")); };

package/etc/conf.d/log_paths/lp-cisco_meraki.conf.tmpl

@@ -22,7 +22,7 @@ log {
 
     rewrite {
         set("cisco_meraki", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("meraki"), index("netfw"))
+        r_set_splunk_dest_default(sourcetype("meraki"))
     };
     parser {p_add_context_splunk(key("cisco_meraki")); };
     parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_nxos.conf.tmpl

@@ -23,7 +23,7 @@ log {
     rewrite {
         set("cisco_nxos", value("fields.sc4s_vendor_product"));
         guess-time-zone();
-        r_set_splunk_dest_default(sourcetype("cisco:ios"), index("netops"), template("t_hdr_msg"))
+        r_set_splunk_dest_default(sourcetype("cisco:ios"),  template("t_hdr_msg"))
     };
 
     parser { p_add_context_splunk(key("cisco_nx_os")); };

package/etc/conf.d/log_paths/lp-cisco_ucm.conf.tmpl

@@ -44,7 +44,7 @@ log {
 
     rewrite {
         set("cisco_ucm", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("cisco:ucm"), index("main"))
+        r_set_splunk_dest_default(sourcetype("cisco:ucm"))
     };
     parser {p_add_context_splunk(key("cisco_ucm")); };
     parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_wsa.conf.tmpl

@@ -26,7 +26,7 @@ log{
         };
         rewrite {
                 set("cisco_wsa", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("cisco:wsa:l4tm"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("cisco:wsa:l4tm"))
         };
         parser { p_add_context_splunk(key("cisco_wsa")); };
         parser (compliance_meta_by_source);
@@ -51,7 +51,7 @@ log{
         };
         rewrite {
                 set("cisco_wsa11_7", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("cisco:wsa:squid:new"), index("netops"),source("wsa_11.7"))
+                r_set_splunk_dest_default(sourcetype("cisco:wsa:squid:new"), source("wsa_11.7"))
         };
         parser { p_add_context_splunk(key("cisco_wsa")); };
         parser (compliance_meta_by_source);
@@ -75,7 +75,7 @@ log{
         };
         rewrite {
                 set("cisco_wsa", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("cisco:wsa:squid"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("cisco:wsa:squid"))
         };
         parser { p_add_context_splunk(key("cisco_wsa")); };
         parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-cisco_z_ios.conf.tmpl

@@ -23,7 +23,7 @@ log {
     rewrite {
         set("cisco_ios", value("fields.sc4s_vendor_product"));
         guess-time-zone();
-        r_set_splunk_dest_default(sourcetype("cisco:ios"), index("netops"))
+        r_set_splunk_dest_default(sourcetype("cisco:ios"))
     };
     parser { p_add_context_splunk(key("cisco_ios")); };
     parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-citrix-netscaler.conf.tmpl

@@ -22,7 +22,7 @@ log {
 
     rewrite {
         set("citrix_netscaler", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("citrix:netscaler:syslog"), index("netfw"))
+        r_set_splunk_dest_default(sourcetype("citrix:netscaler:syslog"))
     };
 
     parser {p_add_context_splunk(key("citrix_netscaler")); };

package/etc/conf.d/log_paths/lp-common_event_format.conf.tmpl

@@ -63,7 +63,7 @@ log {
     };
 
     rewrite {
-        r_set_splunk_dest_default(sourcetype("cef"), index("main"))
+        r_set_splunk_dest_default(sourcetype("cef"))
     };
 
     parser (p_cef_header);

package/etc/conf.d/log_paths/lp-dell_rsa_secureid.conf.tmpl

@@ -44,27 +44,27 @@ log {
             filter{match('audit\.admin' value('.rsa.type'))};
             rewrite {
                 set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("rsa:securid:admin:syslog"), index("netauth"))
+                r_set_splunk_dest_default(sourcetype("rsa:securid:admin:syslog"))
             };
             parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         } elif {
             filter{match('system\.com\.rsa|,\s+system\.erationsconsole' value('.rsa.type'))};
             rewrite {
                 set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("rsa:securid:system:syslog"), index("netauth"))
+                r_set_splunk_dest_default(sourcetype("rsa:securid:system:syslog"))
             };
             parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         } elif {
             filter{match('audit\.runtime\.com\.rsa' value('.rsa.type'))};
             rewrite {
                 set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("rsa:securid:runtime:syslog"), index("netauth"))
+                r_set_splunk_dest_default(sourcetype("rsa:securid:runtime:syslog"))
             };
             parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         } else {
             rewrite {
                 set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
-                r_set_splunk_dest_default(sourcetype("rsa:securid:syslog"), index("netauth"))
+                r_set_splunk_dest_default(sourcetype("rsa:securid:syslog"))
             };
             parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         };
@@ -81,7 +81,7 @@ log {
             subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-            r_set_splunk_dest_default(sourcetype("nix:syslog"), index("osnix"), source("program:${.PROGRAM}"))
+            r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}"))
         };
         parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         parser (compliance_meta_by_source);
@@ -99,7 +99,7 @@ log {
         };
         rewrite {
             set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("rsa:securid:trace"), index("netauth"));
+            r_set_splunk_dest_default(sourcetype("rsa:securid:trace"));
         };
         parser { p_add_context_splunk(key("p_add_context_splunk")); };
         parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl

@@ -31,7 +31,7 @@ log {
             set("f5_bigip", value("fields.sc4s_vendor_product"));
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-            r_set_splunk_dest_default(sourcetype("f5:bigip:syslog"), index("netops"), source("program:${.PROGRAM}"))
+            r_set_splunk_dest_default(sourcetype("f5:bigip:syslog"),  source("program:${.PROGRAM}"))
         };
         parser { p_add_context_splunk(key("f5_bigip")); };
         parser (compliance_meta_by_source);
@@ -42,7 +42,7 @@ log {
         };
         rewrite {
             set("f5_bigip_access_json", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:access_json"), index("netops"))
+            r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:access_json"))
         };
         parser { p_add_context_splunk(key("f5_bigip_access_json")); };
         parser (compliance_meta_by_source);
@@ -56,32 +56,32 @@ log {
                 program('^f5_irule=Splunk-iRule-HTTP')
             };
             rewrite {
-                r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:http:irule"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:http:irule"))
             };
         } elif {
             filter {
                 program('^f5_irule=Splunk-iRule-DNS_REQUEST')
             };
             rewrite {
-                r_set_splunk_dest_default(sourcetype("f5:bigip:gtm:dns:request:irule"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("f5:bigip:gtm:dns:request:irule"))
             };
         } elif {
             filter {
                 program('^f5_irule=Splunk-iRule-DNS_RESPONSE')
             };
             rewrite {
-                r_set_splunk_dest_default(sourcetype("f5:bigip:gtm:dns:response:irule"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("f5:bigip:gtm:dns:response:irule"))
             };
         } elif {
             filter {
                 program('^f5_irule=Splunk-iRule-LB_FAILED')
             };
             rewrite {
-                r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:failed:irule"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("f5:bigip:ltm:failed:irule"))
             };
         } else {
             rewrite {
-                r_set_splunk_dest_default(sourcetype("f5:bigip:irule"), index("netops"))
+                r_set_splunk_dest_default(sourcetype("f5:bigip:irule"))
             };
         };
         rewrite {
@@ -96,7 +96,7 @@ log {
         };
         rewrite {
             set("f5_bigip_asm", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"), index("netwaf"))
+            r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"))
         };
         parser { p_add_context_splunk(key("f5_bigip_asm")); };
         parser (compliance_meta_by_source);
@@ -108,7 +108,7 @@ log {
             subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-            r_set_splunk_dest_default(sourcetype("nix:syslog"), index("netops"), source("program:${.PROGRAM}"))
+            r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}"))
         };
         parser { p_add_context_splunk(key("f5_bigip")); };
         parser (compliance_meta_by_source);
@@ -117,7 +117,7 @@ log {
         rewrite {
             set("f5_bigip_rogue_message", value("fields.sc4s_vendor_product"));
             set("rogue-f5", value("fields.sc4s_error"));
-            r_set_splunk_dest_default(sourcetype("f5:bigip:rogue"), index("netops"))
+            r_set_splunk_dest_default(sourcetype("f5:bigip:rogue"))
         };
         parser { p_add_context_splunk(key("f5_bigip")); };
         parser (compliance_meta_by_source);

package/etc/conf.d/log_paths/lp-forcepoint_webprotect.conf.tmpl

@@ -24,7 +24,7 @@ log {
     rewrite {
         subst(" [^ =]+\=\-", "", value("MESSAGE"), flags("global"));
         set("forcepoint_webprotect", value("fields.sc4s_vendor_product"));
-        r_set_splunk_dest_default(sourcetype("websense:cg:kv"), index("netproxy"))
+        r_set_splunk_dest_default(sourcetype("websense:cg:kv"))
     };
     parser {p_add_context_splunk(key("forcepoint_webprotect")); };
     parser (compliance_meta_by_source);