loghost

CSVD · May 8, 2020 · 0f60814 · 0f60814
1 parent 59b533a
commit 0f60814
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/docs/configuration.md b/docs/configuration.md
@@ -27,7 +27,7 @@ syslog.
 | SC4S_DEST_SPLUNK_HEC_TLS_CA_FILE | path | Custom trusted cert file |
 | SC4S_DEST_SPLUNK_HEC_TLS_VERIFY | yes(default) or no | verify HTTP(s) certificate |
 | SC4S_DEST_SPLUNK_HEC_WORKERS | numeric | Number of destination workers (default: 10 threads).  This should rarely need to be changed; consult sc4s community for advice on appropriate setting in extreme high- or low-volume environments. |
-| SC4S_DEST_SPLUNK_INDEXED_FIELDS | facility,severity,container,log_host,dport,fromhostip,proto | list of sc4s indexed fields default list is all fields )
+| SC4S_DEST_SPLUNK_INDEXED_FIELDS | facility,severity,container,loghost,dport,fromhostip,proto | list of sc4s indexed fields default list is all fields )
 
 ## Alternate Destination Configuration
 

diff --git a/package/etc/conf.d/conflib/_splunk/splunkfields.conf.tmpl b/package/etc/conf.d/conflib/_splunk/splunkfields.conf.tmpl
@@ -1,27 +1,27 @@
 #Used to set indexed fields we will always use to global defaults
 rewrite r_set_splunk_default {
       set("SC4S:$SOURCE", value(".splunk.source"));
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,dport,fromhostip,proto") ",") has "facility" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,dport,fromhostip,proto") ",") has "facility" }}
       set($FACILITY, value("fields.sc4s_syslog_facility"));
 {{- end}}      
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,dport,fromhostip,proto") ",") has "severity" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,dport,fromhostip,proto") ",") has "severity" }}
       set($LEVEL, value("fields.sc4s_syslog_severity"));
 {{- end}}      
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,dport,fromhostip,proto") ",") has "log_host" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,dport,fromhostip,proto") ",") has "loghost" }}
 {{- if (getenv "SC4S_CONTAINER_HOST") }}
       set("{{ getenv "SC4S_CONTAINER_HOST" }}", value("fields.sc4s_loghost"));
 {{- end}}      
 {{- end}}      
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,dport,fromhostip,proto") ",") has "container" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,dport,fromhostip,proto") ",") has "container" }}
       set($LOGHOST, value("fields.sc4s_container"));
 {{- end}}      
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,dport,fromhostip,proto") ",") has "fromhostip" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,dport,fromhostip,proto") ",") has "fromhostip" }}
       set($SOURCEIP, value("fields.sc4s_fromhostip"));
 {{- end}}      
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,destport,fromhostip,proto") ",") has "destport" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,destport,fromhostip,proto") ",") has "destport" }}
       set($DESTPORT, value("fields.sc4s_destport"));
 {{- end}}    
-{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,log_host,destport,fromhostip,proto") ",") has "proto" }}
+{{- if (split (getenv "SC4S_DEST_SPLUNK_INDEXED_FIELDS" "facility,severity,container,loghost,destport,fromhostip,proto") ",") has "proto" }}
       set($PROTO, value("fields.sc4s_proto"));
 {{- end}}    
 };