Skip to content

Commit

Permalink
Update p_multi-vmware_nsx.conf.tmpl
Browse files Browse the repository at this point in the history
  • Loading branch information
rfaircloth-splunk committed Dec 17, 2019
1 parent 2ab2394 commit 8ddb10e
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions package/etc/conf.d/log_paths/p_multi-vmware_nsx.conf.tmpl
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ log {

rewrite {
r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), template("t_JSON_5424"), source("program:${PROGRAM}"));
set("$(template ${fields.sc4s_template} $(template t_JSON_5424))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG"));
};
parser {
p_add_context_splunk(key("vmware_nsx"));
Expand All @@ -35,7 +35,7 @@ log {
set("${PROGRAM}", value(".PROGRAM"));
subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), template("t_legacy_hdr_msg"), source("program:${.PROGRAM}"));
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
};
parser {
p_add_context_splunk(key("vmware_nsx"));
Expand All @@ -47,7 +47,7 @@ log {

rewrite {
r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), template("t_JSON_5424"), source("program:${PROGRAM}"));
set("$(template ${fields.sc4s_template} $(template t_JSON_5424))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG"));
};
parser {
p_add_context_splunk(key("vmware_esx"));
Expand All @@ -60,7 +60,7 @@ log {
set("${PROGRAM}", value(".PROGRAM"));
subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), template("t_legacy_hdr_msg"), source("program:${.PROGRAM}"));
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
};
parser {
p_add_context_splunk(key("vmware_esx"));
Expand All @@ -87,7 +87,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down

0 comments on commit 8ddb10e

Please sign in to comment.