From 744021d93054e409df2a2b9824e6e320aa0b0da2 Mon Sep 17 00:00:00 2001 From: rfaircloth-splunk Date: Wed, 18 Dec 2019 11:48:17 -0500 Subject: [PATCH] Update p_multi-vmware_nsx.conf.tmpl --- package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl b/package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl index f5c1fa0..5396355 100644 --- a/package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl +++ b/package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl @@ -21,7 +21,7 @@ log { filter(f_vmware_nsx); rewrite { - r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), source("program:${PROGRAM}")); + r_set_splunk_dest_default(sourcetype("vmware:vsphere:nsx"), index("main"), source("program:${PROGRAM}")); set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG")); }; parser { @@ -34,7 +34,7 @@ log { rewrite { set("${PROGRAM}", value(".PROGRAM")); subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM")); - r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), source("program:${.PROGRAM}")); + r_set_splunk_dest_default(sourcetype("vmware:vsphere:nsx"), index("main"), source("program:${.PROGRAM}")); set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG")); }; parser { @@ -46,7 +46,7 @@ log { filter(f_vmware_vsphere); rewrite { - r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), source("program:${PROGRAM}")); + r_set_splunk_dest_default(sourcetype("vmware:vsphere:esx"), index("main"), source("program:${PROGRAM}")); set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG")); }; parser { @@ -59,7 +59,7 @@ log { rewrite { set("${PROGRAM}", value(".PROGRAM")); subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM")); - r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), source("program:${.PROGRAM}")); + r_set_splunk_dest_default(sourcetype("vmware:vsphere:esx"), index("main"), source("program:${.PROGRAM}")); set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG")); }; parser {