Hello All,
We have a cluster environment, and the syslog data is coming in on a UDP port. We need to parse some of the syslog data from particular hosts.
Usually I would go with deploying `transforms.conf` and `props.conf` files for a particular `sourcetype` to search heads, but I am not getting how we can achieve this in this condition, because we need to parse by host.
Could you please help me with this?