LOOKUP-auto-dst-lookup = subnets Subnet AS dst OUTPUT Description AS dst_description at the top of props not defined by a sourcetype or anything. I have automatic lookups in my "search" app local/nf running on things like "src" and "dst" fields. My automatic lookup is not working on fields that were created via FIELDALIAS's.

I can subtract it from master list to show pending. Using mvappend, I can mix in progress and complete. Remember, I have to pick up logs for only TODAY. E complete has a, b, c, d, e then in progress and complete will be NIL. In pending table I have to show: not received (not started/complete) jobs. In completed there will be all the jobs that are complete for today (not any other date data). So my logic is: I will show the latest job which started in the in progress table by using head 1 sorted by _time. I have to show 3 tables: in progress jobs, completed jobs, and pending jobs. There is a started kind of logging in server and also completed successfully kind of logging in server. I am preparing a dashboard for Websphere team job monitoring.

Which seems to imply that to do what I want to do, I need to modify the nf so the defaultgroup=nothing and then modify all the nf and nf files for all my inputs to point to the "default-autolb-group" in nf that sends to the indexers, and then for this app have the ONLY output reference pointing to the "my_syslog_group" in nf. # not sure why this is here. As you can tell, I tried to add a 'dropall', but that just dropped everything without sending a copy to the syslog server first. I've read through this which helped me get the current configuration: EXTRACT-Domain = (?i). IOW, I want all data collected by this HF to go to the indexers, EXCEPT this data which should be sent to the syslog server ONLY. I now need to send that data (collected via file monitoring) to the syslog server and NOT to the indexers. All of that data is being forwarded to two indexes. A few weeks ago I configured one of the file monitoring inputs to send a copy of the data it collected to a syslog server. Some via powershell scripts, some via WMI, some via file monitoring locally and over UNC paths. Here is my situation: I have a Windows HF that is collecting a lot of different data.