Merge pull request #485 from splunk/fields/shorten_rogue

Shorten rogue/dtparse indexed field

package/etc/conf.d/conflib/_common/date-parser_nofilter.conf.tmpl

@@ -10,7 +10,7 @@ block parser date-parser-nofilter(
                     flags(guess-timezone));
                 };
             } else {
-                rewrite { set("date/time parser failed; possible rogue message. Expected strptime format: `format`; Actual timestamp: `template`" value("fields.sc4s_error")); };
+                rewrite { set("dtparse: Expected: `format`; Actual: `template`" value("fields.sc4s_error")); };
             };
         };
     };

package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl

@@ -118,7 +118,7 @@ log {
     } else {
         rewrite {
             set("f5_bigip_rogue_message", value("fields.sc4s_vendor_product"));
-            set("Possible rogue message on f5 unique port", value("fields.sc4s_error"));
+            set("rogue-f5", value("fields.sc4s_error"));
             r_set_splunk_dest_default(sourcetype("f5:bigip:rogue"), index("netops"))
         };
         parser { p_add_context_splunk(key("f5_bigip")); };

package/etc/conf.d/log_paths/lp-fortinet.conf.tmpl

@@ -54,7 +54,7 @@ log {
             );
         };
     } else {
-        rewrite { set("date/time parser failed", value("fields.sc4s_error")); };
+        rewrite { set("rogue-fortinet", value("fields.sc4s_error")); };
     };
 
 # Fortiweb

package/etc/conf.d/log_paths/lp-zscaler_lss.conf.tmpl

@@ -73,7 +73,7 @@ log {
     } else {
         rewrite {
             set("zscaler_lss_rogue_message", value("fields.sc4s_vendor_product"));
-            set("Possible rogue message on zscaler_lss unique port", value("fields.sc4s_error"));
+            set("rogue-zscaler_lss", value("fields.sc4s_error"));
             r_set_splunk_dest_default(sourcetype("zscalerlss:rogue"), index("netproxy"))
         };
         parser { p_add_context_splunk(key("zscaler_lss")); };