Skip to content

Commit

Permalink
Merge pull request #243 from splunk/fix/template_override
Browse files Browse the repository at this point in the history 
fix template override variable
  • Loading branch information
Ryan Faircloth authored and GitHub committed Dec 17, 2019
2 parents 62712dc + ea3b9a2 commit d365be0
Show file tree
Hide file tree
Showing 25 changed files with 29 additions and 29 deletions.
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-checkpoint_splunk.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,7 +79,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-cisco_acs.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("PID"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-cisco_asa.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-cisco_ios.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-cisco_ise.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("PID"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-cisco_nxos.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-forcepoint_webprotect.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-fortinet_fortios.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
8 changes: 4 additions & 4 deletions package/etc/conf.d/log_paths/p_rfc3164-infoblox.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ log {
set("${PROGRAM}", value(".PROGRAM"));
subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
r_set_splunk_dest_default(sourcetype("infoblox:dns"), index("netdns"), source("program:${.PROGRAM}"))
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
};
parser {
p_add_context_splunk(key("infoblox_dns"));
Expand All @@ -34,7 +34,7 @@ log {
set("${PROGRAM}", value(".PROGRAM"));
subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
r_set_splunk_dest_default(sourcetype("infoblox:dhcp"), index("netipam"), source("program:${.PROGRAM}"))
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
};
parser {
p_add_context_splunk(key("infoblox_dhcp"));
Expand All @@ -46,7 +46,7 @@ log {
set("${PROGRAM}", value(".PROGRAM"));
subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
r_set_splunk_dest_default(sourcetype("infoblox:threat"), index("netids"), source("program:${.PROGRAM}"))
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
};
parser {
p_add_context_splunk(key("infoblox_threat"));
Expand All @@ -61,7 +61,7 @@ log {

rewrite {
r_set_splunk_dest_default(sourcetype("nix:syslog"), index("osnix"), source("program:${.PROGRAM}") )
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));

};

Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-juniper_idp.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_sdata_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_sdata_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-juniper_junos.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-juniper_netscreen.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-juniper_nsm_idp.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_standard))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_standard))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-microfocus_arcsight.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-paloalto_panos.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-proofpoint_pps.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc3164-zscaler_nss.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,7 +66,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
4 changes: 2 additions & 2 deletions package/etc/conf.d/log_paths/p_rfc3165-symantec_brightmail.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,7 +61,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down Expand Up @@ -96,7 +96,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc5424-noversion_cisco_asa.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc5424-noversion_symantec_proxy.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_msg_only))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_msg_only))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc5424-strict_juniper_junos.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,7 +47,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_JSON_5424))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_JSON_5424))" value("MSG"));
unset(value("RAWMSG"));
groupunset(values(".kv.*"));
};
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_rfc5424_epoch-cisco_meraki.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_za_nix_syslog.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ log {
#disk queue for network destinations. This can be very disk expensive
#if we don't
rewrite {
set("$(template ${fields.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_legacy_hdr_msg))" value("MSG"));
unset(value("RAWMSG"));
unset(value("PROGRAM"));
unset(value("LEGACY_MSGHDR"));
Expand Down
2 changes: 1 addition & 1 deletion package/etc/conf.d/log_paths/p_zz_fallback.conf.tmpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ log {

rewrite {
r_set_splunk_dest_default(sourcetype("sc4s:fallback"), index("main"), template("t_JSON"));
set("$(template ${fields.sc4s_template} $(template t_JSON))" value("MSG"));
set("$(template ${.splunk.sc4s_template} $(template t_JSON))" value("MSG"));
};
parser {
p_add_context_splunk(key("sc4s_fallback"));
Expand Down

0 comments on commit d365be0

Please sign in to comment.