From c91f57faa120eecbfcb48341eb692b6aff88b4ad Mon Sep 17 00:00:00 2001
From: Mahir Chavda
Date: Wed, 6 May 2020 16:06:18 +0530
Subject: [PATCH] Update index from netops to netwaf for the f5_bigip_asm events
---
 package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl | 2 +-
 package/etc/context_templates/splunk_index.csv.example | 2 +-
 tests/test_f5_bigip.py | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl b/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl
index ee9e332..fa32d23 100644
--- a/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl
+++ b/package/etc/conf.d/log_paths/lp-f5_bigip.conf.tmpl
@@ -98,7 +98,7 @@ log {
 };
 rewrite {
 set("f5_bigip_asm", value("fields.sc4s_vendor_product"));
- r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"), index("netops"))
+ r_set_splunk_dest_default(sourcetype("f5:bigip:asm:syslog"), index("netwaf"))
 };
 parser { p_add_context_splunk(key("f5_bigip_asm")); };
 parser (compliance_meta_by_source);
diff --git a/package/etc/context_templates/splunk_index.csv.example b/package/etc/context_templates/splunk_index.csv.example
index 694dec6..2fbd567 100644
--- a/package/etc/context_templates/splunk_index.csv.example
+++ b/package/etc/context_templates/splunk_index.csv.example
@@ -27,7 +27,7 @@
 #forcepoint_webprotect,index,netproxy
 #f5_bigip,index,netops
 #f5_bigip_irule,index,netops
-#f5_bigip_asm,index,netops
+#f5_bigip_asm,index,netwaf
 #f5_bigip_nix,index,netops
 #fortinet_fortios_event,index,netops
 #fortinet_fortios_log,index,netops
diff --git a/tests/test_f5_bigip.py b/tests/test_f5_bigip.py
index 1d99448..ca31ca6 100644
--- a/tests/test_f5_bigip.py
+++ b/tests/test_f5_bigip.py
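Review bot: Changing the default index for `f5_bigip_asm` to `netwaf` on the `r_set_splunk_dest_default(...)` line is a behaviour change for every existing deployment that has not overridden this source in splunk_index.csv: after the upgrade, ASM events are addressed to an index that, unless the Splunk side already defines it, does not exist, and Splunk discards events sent to an undefined index unless `lastChanceIndex` is configured, so the result is a silent gap in WAF visibility rather than a loud failure. No other source in the visible `splunk_index.csv.example` hunk uses `netwaf`, so this looks like a newly introduced index name (not certain from here); it should be called out in the release notes and wherever the project lists the indexes operators must create before upgrading. Saved searches and detections keyed on `index=netops sourcetype="f5:bigip:asm:syslog"` stop matching for the same reason and need the same notice. The matching change in the `splunk_index.csv.example` hunk is covered by this note.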
@@ -341,7 +341,7 @@ def test_f5_bigip_asm_syslog(record_property, setup_wordlist, get_host_key, setu
 sendsingle(message, setup_sc4s[0], setup_sc4s[1][514])
 st = env.from_string(
- "search index=netops _time={{ epoch }} sourcetype=\"f5:bigip:asm:syslog\" host=\"{{ host }}\"")
+ "search index=netwaf _time={{ epoch }} sourcetype=\"f5:bigip:asm:syslog\" host=\"{{ host }}\"")
 search = st.render(epoch=epoch, host=host)
 resultCount, eventCount = splunk_single(setup_splunk, search)
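Review bot: The search string on the added line pins `index=netwaf`, so this test only passes if the Splunk instance behind `setup_splunk` has a `netwaf` index; nothing in this commit adds one, and if the test harness's index definitions are not updated elsewhere the search returns no events and the checks that presumably follow fail for an environment reason rather than a routing one. Worth confirming the test Splunk configuration defines `netwaf` and, if the name is going to be shared by further WAF sources, spelling it once (for example a module-level `ASM_INDEX = "netwaf"` interpolated into the query) rather than as a literal repeated across the config template, the CSV example and this test. `test_f5_bigip_asm_syslog` starts before and continues past this hunk.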