

[fix] Return to prior behavior to not change splunk_metadata (#656)
Ryan Faircloth authored and GitHub committed Aug 21, 2020
1 parent 5e7be93 commit 3543499
Showing 3 changed files with 6 additions and 4 deletions.
2 changes: 1 addition & 1 deletion package/etc/conf.d/conflib/_splunk/splunk_context.conf
@@ -1,7 +1,7 @@
block parser p_add_context_splunk(key("syslogng-fallback")) {
add-contextual-data(
selector("`key`"),
database("conf.d/local/context/splunk_metadata.csv"),
database("conf.d/merged/context/splunk_metadata.csv"),
prefix(".splunk.")
);
};
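Review bot: Nothing in `p_add_context_splunk` tells a reader that `database("conf.d/merged/context/splunk_metadata.csv")` names a generated file; the entrypoint.sh section of this commit writes it at start-up from the local copy and the shipped template. A comment above that `database(...)` line would stop operators from editing the merged copy and losing the change on the next restart, for example `# generated at start-up by entrypoint.sh; edit conf.d/local/context/splunk_metadata.csv instead`. The same comment applies to the `database(...)` line of `p_cef_class` in the next file section. Which of the two printed `database(...)` lines is the new side is inferred from the commit title and the `mkdir` for `merged/context`, because the page has lost its `+`/`-` markers.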
Expand Up @@ -38,7 +38,7 @@ parser p_cef_ts_end {
parser p_cef_class {
add-contextual-data(
selector("${fields.cef_device_vendor}_${fields.cef_device_product}_${fields.cef_device_event_class}"),
database("conf.d/local/context/splunk_metadata.csv")
database("conf.d/merged/context/splunk_metadata.csv")
ignore-case(yes)
prefix(".splunk.")
);
6 changes: 4 additions & 2 deletions package/sbin/entrypoint.sh
Expand Up @@ -47,9 +47,11 @@ trap 'kill ${!}; hup_handler' SIGHUP
trap 'kill ${!}; term_handler' SIGTERM

mkdir -p /opt/syslog-ng/etc/conf.d/local/context/
mkdir -p /opt/syslog-ng/etc/conf.d/merged/context/
mkdir -p /opt/syslog-ng/etc/conf.d/local/config/



cp /opt/syslog-ng/etc/context_templates/* /opt/syslog-ng/etc/conf.d/local/context
for file in /opt/syslog-ng/etc/conf.d/local/context/*.example ; do cp --verbose -n $file ${file%.example}; done
if [ "$SC4S_RUNTIME_ENV" == "k8s" ]
Expand All @@ -59,7 +61,7 @@ then
# Add new entries
temp_file=$(mktemp)
awk '{print $0}' /opt/syslog-ng/etc/conf.d/configmap/context/splunk_metadata.csv /opt/syslog-ng/etc/context_templates/splunk_metadata.csv.example | grep -v '^#' | sort -b -t ',' -k1,2 -u > $temp_file
cp -f $temp_file /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv
cp -f $temp_file /opt/syslog-ng/etc/conf.d/merged/context/splunk_metadata.csv

else
# splunk_index.csv updates
Expand All @@ -72,7 +74,7 @@ else
# Add new entries
temp_file=$(mktemp)
awk '{print $0}' ${LEGACY_SPLUNK_INDEX_FILE} /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv /opt/syslog-ng/etc/context_templates/splunk_metadata.csv.example | grep -v '^#' | sort -b -t ',' -k1,2 -u > $temp_file
cp -f $temp_file /opt/syslog-ng/etc/conf.d/local/context/splunk_metadata.csv
cp -f $temp_file /opt/syslog-ng/etc/conf.d/merged/context/splunk_metadata.csv
# We don't need this file any longer
rm -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv.example || true
if [ -f /opt/syslog-ng/etc/conf.d/local/context/splunk_index.csv ]; then
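Review bot: Both `cp -f $temp_file /opt/syslog-ng/etc/conf.d/merged/context/splunk_metadata.csv` lines (the k8s branch and the `else` branch) run without a status check, and the file they write is now the one both parsers read, so a failed merge or copy would leave the lookups on an absent or stale file with no message saying why. Unless `set -e` is set above the hunk, which is not visible here, consider `cp -f "$temp_file" /opt/syslog-ng/etc/conf.d/merged/context/splunk_metadata.csv || { echo "splunk_metadata merge failed" >&2; exit 1; }` followed by `rm -f "$temp_file"`. The `mktemp` file is not removed in the visible lines; the `if`/`else` body continues outside the hunk, so that cleanup may exist further down. Because the merged file does not exist on first start, `cp` creates it with the owner-only mode of the `mktemp` file, which is worth confirming against the user syslog-ng runs as.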
