Update index from netops to netwaf for the f5_bigip_asm events

CSVD · May 6, 2020 · c91f57f · c91f57f
1 parent 88dd159
commit c91f57f
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 3 deletions.
diff --git a/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl b/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl
@@ -98,7 +98,7 @@ log {
         };
         rewrite {
             set("f5_bigip_asm", value("fields.sc4s_vendor_product"));
-            r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"), index("netops"))
+            r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"), index("netwaf"))
         };
         parser { p_add_context_splunk(key("f5_bigip_asm")); };
         parser (compliance_meta_by_source);

diff --git a/package/etc/context_templates/splunk_index.csv.example b/package/etc/context_templates/splunk_index.csv.example
@@ -27,7 +27,7 @@
 #forcepoint_webprotect,index,netproxy
 #f5_bigip,index,netops
 #f5_bigip_irule,index,netops
-#f5_bigip_asm,index,netops
+#f5_bigip_asm,index,netwaf
 #f5_bigip_nix,index,netops
 #fortinet_fortios_event,index,netops
 #fortinet_fortios_log,index,netops

diff --git a/tests/test_f5_bigip.py b/tests/test_f5_bigip.py
@@ -341,7 +341,7 @@ def test_f5_bigip_asm_syslog(record_property, setup_wordlist, get_host_key, setu
     sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 
     st = env.from_string(
-        "search index=netops _time={{ epoch }} sourcetype=\"f5:bigip:asm:syslog\" host=\"{{ host }}\"")
+        "search index=netwaf _time={{ epoch }} sourcetype=\"f5:bigip:asm:syslog\" host=\"{{ host }}\"")
     search = st.render(epoch=epoch, host=host)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)