Merge pull request #248 from splunk/fix/vmware-st

Update vmware source type
CSVD · Dec 19, 2019 · c930a66 · c930a66
2 parents b6f74e7 + 704a40c
commit c930a66
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/docs/sources/VMWare/index.md b/docs/sources/VMWare/index.md
@@ -12,16 +12,16 @@
 
 | sourcetype     | notes                                                                                                   |
 |----------------|---------------------------------------------------------------------------------------------------------|
-| vmware:nsx:vsphere:syslog | None |
-| vmware:esx:vsphere:syslog | None |
+| vmware:vsphere:nsx | None |
+| vmware:vsphere:esx | None |
 | nix:syslog | When used with a default port this will follow the generic NIX configuration when using a dedicated port, IP or host rules events will follow the index configuration for vmware nsx  |
 
 ### Sourcetype and Index Configuration
 
 | key            | sourcetype     | index          | notes          |
 |----------------|----------------|----------------|----------------|
-| vmware_nsx      | vmware:nsx:vsphere:syslog | main          | none          |
-| vmware_esx      | vmware:esx:vsphere:syslog | main          | none          |
+| vmware_nsx      | vmware:vsphere:nsx | main          | none          |
+| vmware_esx      | vmware:vsphere:esx | main          | none          |
 
 ### Filter type
 

diff --git a/....d/log_paths/p_multi-vmware_nsx.conf.tmpl → ...nf.d/log_paths/p_vmware_vsphere.conf.tmpl b/....d/log_paths/p_multi-vmware_nsx.conf.tmpl → ...nf.d/log_paths/p_vmware_vsphere.conf.tmpl
@@ -21,7 +21,7 @@ log {
         filter(f_vmware_nsx);
 
         rewrite {
-            r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), source("program:${PROGRAM}"));
+            r_set_splunk_dest_default(sourcetype("vmware:vsphere:nsx"), index("main"), source("program:${PROGRAM}"));
             set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG"));
         };
         parser {
@@ -34,7 +34,7 @@ log {
         rewrite {
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-            r_set_splunk_dest_default(sourcetype("vmware:nsx:vsphere:syslog"), index("main"), source("program:${.PROGRAM}"));
+            r_set_splunk_dest_default(sourcetype("vmware:vsphere:nsx"), index("main"), source("program:${.PROGRAM}"));
             set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
         };
         parser {
@@ -46,7 +46,7 @@ log {
         filter(f_vmware_vsphere);
 
         rewrite {
-            r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), source("program:${PROGRAM}"));
+            r_set_splunk_dest_default(sourcetype("vmware:vsphere:esx"), index("main"), source("program:${PROGRAM}"));
             set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG"));
         };
         parser {
@@ -59,7 +59,7 @@ log {
         rewrite {
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
-            r_set_splunk_dest_default(sourcetype("vmware:esx:vsphere:syslog"), index("main"), source("program:${.PROGRAM}"));
+            r_set_splunk_dest_default(sourcetype("vmware:vsphere:esx"), index("main"), source("program:${.PROGRAM}"));
             set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
         };
         parser {

diff --git a/tests/test_vmware.py b/tests/test_vmware.py
@@ -25,7 +25,7 @@ def test_linux_vmware(record_property, setup_wordlist, setup_splunk):
 
     sendsingle(message)
 
-    st = env.from_string("search index=main {{ pid }} sourcetype=\"vmware:esx:vsphere:syslog\" | head 2")
+    st = env.from_string("search index=main {{ pid }} sourcetype=\"vmware:vsphere:esx\" | head 2")
     search = st.render(host=host, pid=pid)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -46,7 +46,7 @@ def test_linux_vmware_nsx_ietf(record_property, setup_wordlist, setup_splunk):
 
     sendsingle(message)
 
-    st = env.from_string("search index=main host={{ host }} PID={{ pid }} sourcetype=\"vmware:nsx:vsphere:syslog\" | head 2")
+    st = env.from_string("search index=main host={{ host }} PID={{ pid }} sourcetype=\"vmware:vsphere:nsx\" | head 2")
     search = st.render(host=host, pid=pid)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)
@@ -67,7 +67,7 @@ def test_linux_vmware_nsx_fw(record_property, setup_wordlist, setup_splunk):
 
     sendsingle(message)
 
-    st = env.from_string("search index=main host={{ host }} {{ pid }} sourcetype=\"vmware:nsx:vsphere:syslog\" | head 2")
+    st = env.from_string("search index=main host={{ host }} {{ pid }} sourcetype=\"vmware:vsphere:nsx\" | head 2")
     search = st.render(host=host, pid=pid)
 
     resultCount, eventCount = splunk_single(setup_splunk, search)