cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
dyhorner
Engager
Member since: ‎06-14-2018
‎08-14-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 0
Karma Received 1
Member Since ‎06-14-2018
View All

Re: Can you help me rewrite the hostname of syslog...

by in Installation
‎11-07-2018 11:45 AM
‎11-07-2018 11:45 AM
Yes I am actually doing that for my firewalls already and that works fine using host_segment. Was hoping to be able to leave all my switches in one location instead of making hundreds of directories. Its obviously expecting host where Kiwi puts facility. Havent found a way to change that on the Kiwi side yet so was hoping Splunk had something I was unaware of. Previously we sent everything direct to splunk when it was on prem but couldnt continue that when we went to splunk cloud. Thanks. ... View more

Can you help me rewrite the hostname of syslog dat...

by in Installation
‎11-06-2018 02:24 PM
1 Karma
‎11-06-2018 02:24 PM
1 Karma
I am currently migrating to the cloud but struggling to get the data in the cloud correctly. I have a Kiwi sylog server and a forwarder that is getting the data to the cloud, but it shows up with the incorrect host and source type. I have edited the inputs.conf to fix the source type to syslog, and that changes the hostname from the ip address of the syslog server to the facility in the message. I just need it to go one tab to the right. Any ideas? Below is an example of how the data is formatted when sent from Kiwi. 2018-11-06 16:20:23 Local7.Notice 10.1.111.1 ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-14-2020 12:55 PM
Karma from
View All