Allow ability to change a default index #1990

Closed
traytonwhite opened this issue Jan 30, 2023 · 1 comment
@traytonwhite

Currently it seems with the splunk_metadata.csv you must iterate over an exhaustive list of vendor_product combinations to switch a default index to something else. It'd be nice to have a way to fully replace a default index with another option.

An example would be how there's a default index of osnix - if one would like to have all the data that would normally go to osnix to instead go to an index called foo, the goal of this enhancement request would be to have that as an option via the metadata config files.

@rjha-splunk rjha-splunk self-assigned this Feb 2, 2023
@rjha-splunk rjha-splunk added enhancement New feature or request Application core dependency in sc4s labels Feb 2, 2023
@rjha-splunk
Collaborator

@mstopa-splunk wrote a small app conf to replace the default index with a unique name some time back as an example; the same can be customised and used.

block parser app-dest-rewrite-index() {
    channel {
        rewrite {
            r_set_splunk_dest_update_v2(
                index("${.splunk.index}_unique-suffix")
            );
        };
    };
};

application app-dest-rewrite-index[sc4s-postfilter] {
    parser { app-dest-rewrite-index(); };
};
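
Added example, not part of the thread and not SC4S project code: a variant of the snippet above narrowed to the case in the request, sending only events whose index resolved to `osnix` to `foo` and leaving every other index untouched. The names `app-dest-rewrite-osnix-to-foo` and `foo` are placeholders, and the sketch assumes, as the snippet above does, that `.splunk.index` is already populated when the `sc4s-postfilter` topic runs.

```syslog-ng
# Hypothetical local app parser: redirect the default "osnix" index to "foo".
block parser app-dest-rewrite-osnix-to-foo() {
    channel {
        rewrite {
            # Same rewrite helper as in the comment above, with a fixed
            # target index instead of a suffixed one.
            r_set_splunk_dest_update_v2(
                index("foo")
            );
        };
    };
};

application app-dest-rewrite-osnix-to-foo[sc4s-postfilter] {
    # Apply the parser only when the index chosen so far is exactly "osnix";
    # events bound for any other index do not match this application.
    filter {
        "${.splunk.index}" eq "osnix"
    };
    parser { app-dest-rewrite-osnix-to-foo(); };
};
```

The target index has to exist in Splunk and be in the allowed-index list of the HEC token SC4S uses, otherwise the redirected events are rejected at ingest.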
