I have a remote host that is sending logs via a universal forwarder. The logs are arriving with a hostname of "prodsde01"
How can I change this to an IP address instead (i.e 10.201.1.10)
I tried the props/transforms config but I can't get the regex right
Here is the syslog message
Sep 26 20:33:23 prodsde01 scdpd[13592]: Alarm model 10: svSysServiceComponentOnlineNotification: Unavailable Service Component Cleared: svsde
↧