Hi ,
I would like to route the data into different indexes based on a field value.
Lets say I have a field **F5_TYPE** with two values 'INTERNAL' and "EXTERNAL' . Here, I want to route data with **F5_TYPE** value with 'INTERNAL' into index1 and **F5_TYPE** value with 'EXTERNAL' into index2 . And I did some changes in props.conf, transforms.conf, inputs.conf
In transforms.conf
[route_int]
REGEX = F5_TYPE=INTERNAL
DEST_KEY =_MetaData:Index
FORMAT = internal
[route_ext]
REGEX = F5_TYPE=EXTERNAL
DEST_KEY = _MetaData:Index
FORMAT = external
In props.conf
[host::host_name] // also tried [log_source_type]
TRANSFORMS-index1 = route_int
TRANSFORMS-index2 = route_ext
In inputs.conf
[monitor:///Users/mdeep/Downloads.hslog_test.txt]
index = index1
sourcetype = log_source_type
host = host_name
[monitor:///Users/mdeep/Downloads.hslog_test.txt]
index = index2
sourcetype = log_source_type
host = host_name
but while uploading data , not able to see any filtering in the data.
Thank you,
Mani
↧