Hi.
I have a single very huge file with different formats, so I decided to create 3 different sourcetypes for this single file. I tried the below, but I did not succeed. Can anyone point out where I am lagging?
inputs.conf
[monitor:///file/path/file.txt]
disabled = false
followTail = 0
index = main
sourcetype = sourcetype1name
props.conf
[source::/file/path/file.txt]
TRANSFORMS-myfileformats = format1, format2, format3
transforms.conf
[format1]
REGEX = REGEX 1XXXXXXXXXXXX
FORMAT = sourcetype::Sourcetype2name
DEST_KEY = MetaData:Sourcetype
[format2]
REGEX = REGEX2XXXXXXXXXXXXXXXXXXX
FORMAT = sourcetype::Sourcetype3name
DEST_KEY = MetaData:Sourcetype
[format3]
REGEX = REGEX#XXXXXXXXXXXXXXXXXXXXXXXX
FORMAT = sourcetype::Sourcetype4name
DEST_KEY = MetaData:Sourcetype
These are my config files and I am not sure what is to be done here. I have not created Sourcetype2, Sourcetype3, Sourcetype4 so far, since a sourcetype cannot be created itself in the 6.0 version.