Skip to content

Commit

Permalink
fix: postfilter automatic assignment
Browse files Browse the repository at this point in the history
  • Loading branch information
@rjha-splunk
rjha-splunk committed Sep 20, 2023
1 parent 6a051b4 commit 45dc1e5
Show file tree
Hide file tree
Showing 5 changed files with 3 additions and 8 deletions.
1 change: 0 additions & 1 deletion package/etc/conf.d/conflib/post-filter/app-postfilter-cisco_acs.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,6 @@ block parser app-postfilter-cisco_acs() {
inherit-mode(context)
)
timeout(10)
persist-name("grouping-by-app-postfilter-cisco_acs")
);
};

Expand Down
3 changes: 1 addition & 2 deletions package/etc/conf.d/conflib/post-filter/app-postfilter-cisco_ise.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ block parser app-postfilter-cisco_ise() {

parser{
grouping-by(
scope(program)
scope(host)
key("${.values.serial}")
trigger("$(context-length)" >= "${.values.num}")
sort-key("${.values.seq}")
Expand All @@ -38,7 +38,6 @@ block parser app-postfilter-cisco_ise() {
inherit-mode(context)
)
timeout(10)
persist-name("grouping-by-app-postfilter-cisco_ise")
);
};

Expand Down
1 change: 0 additions & 1 deletion package/etc/conf.d/conflib/post-filter/app-postfilter-vmware_vsphere_invalidmultiline.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,6 @@ block parser app-postfilter-vmware_vsphere_invalidmultiline() {
inherit-mode(context)
)
timeout(2)
persist-name("grouping-by-app-postfilter-vmware_vsphere_invalidmultiline")
);
};

Expand Down
3 changes: 1 addition & 2 deletions package/etc/conf.d/conflib/post-filter/app-postfilter-vmware_vsphere_sdrsInjector.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ block parser app-postfilter-vmware_vsphere_sdrsInjector() {
parser{
grouping-by(
scope(program)
key('$SOURCEIP')
key('$FULLHOST')
aggregate(
tags("agg")
value("MESSAGE" "$(implode '\n' $(list-slice 0:-1 $(context-values ${MESSAGE})))")
Expand All @@ -28,7 +28,6 @@ block parser app-postfilter-vmware_vsphere_sdrsInjector() {
inherit-mode(context)
)
timeout(2)
persist-name("grouping-by-app-postfilter-vmware_vsphere_sdrsInjector")
);
};

Expand Down
3 changes: 1 addition & 2 deletions package/etc/conf.d/conflib/post-filter/app-postfilter-vmware_vsphere_storageRM.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ block parser app-postfilter-vmware_vsphere_storageRM() {
parser{
grouping-by(
scope(program)
key('$SOURCEIP')
key('$FULLHOST_FROM')
trigger(message('datastoreSlopeUS\[5\]'))
aggregate(
tags("agg")
Expand All @@ -29,7 +29,6 @@ block parser app-postfilter-vmware_vsphere_storageRM() {
inherit-mode(context)
)
timeout(2)
persist-name("grouping-by-app-postfilter-vmware_vsphere_storageRM")
);
};

Expand Down

0 comments on commit 45dc1e5

Please sign in to comment.