Correct vendor product for infoblox threat type

CSVD · Mar 5, 2020 · e02eeb5 · e02eeb5
2 parents 649250f + 890280a
commit e02eeb5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl b/package/etc/conf.d/log_paths/lp-infoblox.conf.tmpl
@@ -42,7 +42,7 @@ log {
     } elif {
         filter{program("threat-protect-log")};
         rewrite {
-            set("infoblox_dns", value("fields.sc4s_vendor_product"));
+            set("infoblox_threat", value("fields.sc4s_vendor_product"));
             set("${PROGRAM}", value(".PROGRAM"));
             subst('^\/(?:[^\/]+\/)+', "" , value(".PROGRAM"));
             r_set_splunk_dest_default(sourcetype("infoblox:threat"), index("netids"), source("program:${.PROGRAM}"))