I am new to Splunk, and I am now going to receive syslog from multiple devices on UDP 514, so I can't define a specific sourcetype for UDP:514, right? I installed the Fortigate app and edited /etc/hosts to resolve the IP. I can successfully resolve the IP to the hostname "fortigate". Below are my input.conf and props.conf files:
input.conf:
[udp://514]
connection_host = dns
props.conf:
[host::fortigate]
sourcetype = fortigate
It is not working; the sourcetype of the data is still shown as UDP:514. Did I do anything wrong?
Thanks for helping.