Hi all,
I am trying to set up dynamic sourcetype extraction, but no luck.
Sample message has JSON:
{"id":"someid","type":"action"}
This is my config:
inputs.conf:
[tcp://9001]
connection_host = none
source=platform
props.conf:
[source::platform]
TRANSFORMS-sourcetype = platform-st
transforms.conf:
[platform-st]
SOURCE_KEY = source
DEST_KEY = MetaData:Sourcetype
REGEX = \"type\":\"([^\"]+)\"
FORMAT = sourcetype::$1
Thank you