Correct hidden bugs not using splunk_index correctly

package/etc/conf.d/context/common_event_format_source.csv

@@ -1,4 +1,5 @@
 ArcSight_ArcSight,source,ArcSight:ArcSight
+ArcSight_ArcSight,index,main
 Carbon Black_Protection,sourcetype,carbonblack:protection:cef
 Carbon Black_Protection,index,cb:cef
 Cyber-Ark_Vault,sourcetype,cyberark:epv:cef

package/etc/conf.d/log_paths/lp-dell_rsa_secureid.conf.tmpl

@@ -83,7 +83,7 @@ log {
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
             r_set_splunk_dest_default(sourcetype("nix:syslog"), index("osnix"), source("program:${.PROGRAM}"))
         };
-        parser { p_add_context_splunk(key("nix_syslog")); };
+        parser { p_add_context_splunk(key("dell_rsa_secureid")); };
         parser (compliance_meta_by_source);
         rewrite { set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG")); };
     } else {
@@ -101,7 +101,7 @@ log {
             set("dell_rsa_secureid", value("fields.sc4s_vendor_product"));
             r_set_splunk_dest_default(sourcetype("rsa:securid:trace"), index("netauth"));
         };
-        parser { p_add_context_splunk(key("nix_syslog")); };
+        parser { p_add_context_splunk(key("p_add_context_splunk")); };
         parser (compliance_meta_by_source);
         rewrite { set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG")); };
 

package/etc/conf.d/log_paths/lp-juniper_junos_structured.conf.tmpl

@@ -25,7 +25,7 @@ log {
         set("juniper_junos", value("fields.sc4s_vendor_product"));
     };
     if (program('RT_IDP')) {
-        rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp:structured"), index("netids")) };
+        rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:idp:structured"), index("netfw")) };
         parser {p_add_context_splunk(key("juniper_idp_structured")); };
     } elif (program('RT_FLOW')) {
         rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:firewall:structured"), index("netfw")) };
@@ -43,7 +43,7 @@ log {
         rewrite { r_set_splunk_dest_default(sourcetype("juniper:junos:secintel:structured"), index("netfw")) };
         parser {p_add_context_splunk(key("juniper_junos_secintel_structured")); };
     } else {
-        rewrite { r_set_splunk_dest_default(sourcetype("juniper:structured"), index("netops")) };
+        rewrite { r_set_splunk_dest_default(sourcetype("juniper:structured"), index("netfw")) };
         parser {p_add_context_splunk(key("juniper_structured")); };
     };
 

package/etc/context_templates/splunk_index.csv.example

@@ -1,5 +1,5 @@
 bluecoat_proxy,index,netproxy
-ArcSight_ArcSight,index,netwaf
+ArcSight_ArcSight,index,main
 Cyber-Ark_Vault,index,netauth
 CyberArk_PTA,index,main
 Incapsula_SIEMintegration,index,netwaf
@@ -73,7 +73,7 @@ symantec_ep,index,epav
 vmware_esx,index,main
 vmware_nsx,index,main
 vmware_vcenter,index,main
-zscaler_alerts,index,main
+zscaler_alerts,index,netops
 zscaler_dns,index,netdns
 zscaler_fw,index,netfw
 zscaler_web,index,netproxy

tests/test_juniper_junos_rfc3164.py

@@ -28,7 +28,7 @@ def test_juniper_utm_standard(record_property, setup_wordlist, get_host_key, set
 
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
-    st = env.from_string("search _time={{ epoch }} index=netids host=\"{{ host }}\" sourcetype=\"juniper:junos:firewall\"")
+    st = env.from_string("search _time={{ epoch }} index=netfw host=\"{{ host }}\" sourcetype=\"juniper:junos:firewall\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)