

Update p_za_nix_syslog.conf.tmpl
rfaircloth-splunk committed Dec 12, 2019
1 parent 57d74ea commit b48c445
Showing 1 changed file with 1 addition and 6 deletions.
7 changes: 1 addition & 6 deletions package/etc/conf.d/log_paths/p_za_nix_syslog.conf.tmpl
@@ -13,13 +13,9 @@ log {
{{- end }}

rewrite {
set("zscaler_nss", value("fields.sc4s_vendor_product"));
set("nix_syslog", value("fields.sc4s_vendor_product"));
subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));
};
parser {
#basic parsing
kv-parser(prefix(".kv.") pair-separator("\t") template("${MSG}"));
};

rewrite { r_set_splunk_dest_default(sourcetype("nix:syslog"), index("main"))};
parser { p_add_context_splunk(key("nix_syslog")); };
@@ -34,7 +30,6 @@ log {
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
groupunset(values(".kv.*"));
};

{{- if ((getenv "SC4S_NIX_SYSLOG_GLOBAL" "yes") | conv.ToBool) or (conv.ToBool (getenv "SC4S_DEST_NIX_SYSLOG_HEC" "no") | conv.ToBool) }}
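Review bot: The `subst("^[^\t]+\t", "", value("MESSAGE"), flags("global"));` line in the first `rewrite` block looks like a leftover from the Zscaler NSS template this path was derived from, and it appears to survive this change (the page has lost its +/- markers, so this is inferred from the 1-addition/6-deletion count). On generic *nix syslog it would delete everything up to and including the first tab of MESSAGE, and because the later rewrite in the same log path unsets RAWMSG, the unmodified text would presumably not reach the `nix:syslog` sourcetype, which matters when these events are used as evidence. If the strip is not needed for this source, remove that line together with the kv-parser; if it is, add a short comment above it saying which sender prefix it removes. The `log { ... }` block starts and ends outside both hunks.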
