I found a props.conf in the apps/search folder that has my syslog entry in it. I tried tobuild this from there according to the post I mentioned earlier and I still don't have my fields.
My configuration is as follows:
inputs.conf:
[udp://6501]
connection_host = none
sourcetype = TippingPoint(Splunk)
source = TippingPoint (Combined)
index = main
disabled = 0
props.conf
[TippingPoint(Splunk)]
REPORT-TippingPoint(Splunk)extract = TippingPoint(Splunk)_extractions
KV_MODE = auto
transforms.conf:
[TippingPoint(Splunk)_extractions]
DELIMS = ";"
FIELDS="Timestamp","FilterName","ActionType","HitCount","SourceIP","SourcePort","DestIP","DestPort","Device","VLAN_Tag","Protocol"
... View more