Skip to content

Commit

Permalink
Merge branch 'develop' into feature/cisco-firepower
Browse files Browse the repository at this point in the history
  • Loading branch information
Ryan Faircloth authored and GitHub committed May 18, 2020
2 parents f066cd1 + 10ea83c commit 69ae994
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/lp-sc4s_internal.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ log {
rewrite {
subst('.*Log statistics; ', '', value("MESSAGE"), flags("utf8" "global"));
subst('([^= ]+=\x27[^\(]+\(#anon[^,\)]+(?:,[^,]+,[^\)]+)?\)\=\d+\x27(?:, )?)', '', value("MESSAGE"), flags("utf8" "global"));
subst('(?<Type>[^= ]+)=\x27(?<SourceName>[^\(]+)\((?<SourceId>\S+(?=\)=))(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?\)\=(?<Number>\d+)\x27,? ?',
subst('(?<Type>[^= ]+)=\x27(?<SourceName>[^\(]+)\((?<SourceId>\S+(?=\)[=,]))(?:,(?<SourceInstance>[^,]+),(?<State>[^\)]+))?\)\=(?<Number>\d+)\x27,? ?',
'{"time": "$S_UNIXTIME","event": "metric","host": "$HOST","index": "${.splunk.index}","source": "internal","sourcetype": "${.splunk.sourcetype}","fields": {"source_name": "${SourceName}","source_instance": "${SourceInstance}","state": "${State}","type": "${Type}","_value": ${Number},"metric_name": "syslogng.${SourceId}"}}
',
value("MESSAGE") flags("utf8" "global")
Expand Down

0 comments on commit 69ae994

Please sign in to comment.