Correct key

docs/sources/Checkpoint/index.md

@@ -30,6 +30,7 @@ to allow routing to appropriate indexes. All other source meta data is left at d
 | checkpoint_splunk_dlp         | dlp         | netdlp          | none           |
 | checkpoint_splunk_email         | email         | email          | none           |
 | checkpoint_splunk_firewall         | firewall         | netfw          | none           |
+| checkpoint_splunk_os | program:${program} | netops | none |
 | checkpoint_splunk_sessions         | sessions         | netops          | none           |
 | checkpoint_splunk_web         | web         | netproxy          | none           |
 

package/etc/conf.d/log_paths/lp-checkpoint_splunk.conf.tmpl

@@ -131,7 +131,7 @@ log {
                         subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
                     };
                 rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}")) };
-                parser { p_add_context_splunk(key("checkpoint_os")); };                
+                parser { p_add_context_splunk(key("checkpoint_splunk_os")); };                
 
             };
 
@@ -164,7 +164,7 @@ log {
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
         };
         rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"),  source("program:${.PROGRAM}")) };
-        parser { p_add_context_splunk(key("checkpoint_os")); };
+        parser { p_add_context_splunk(key("checkpoint_splunk_os")); };
 
         parser (compliance_meta_by_source);
         rewrite { set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG")); };

package/etc/context_templates/splunk_metadata.csv.example

@@ -11,6 +11,7 @@ checkpoint_splunk_dlp,index,netdlp
 checkpoint_splunk_email,index,email
 checkpoint_splunk_firewall,index,netfw
 checkpoint_splunk_ids,index,netids
+checkpoint_splunk_os,index,netops
 checkpoint_splunk_sessions,index,netops
 checkpoint_splunk_web,index,netproxy
 checkpoint_splunk,index,netops