Hi All, currently I have a request from the network team: they want to point the sites 03r & 04r from index=net sourcetype=cisco:network:router to index=net sourcetype=cisco:network:switch.
I could see there are 35 devices currently pointing to index=net sourcetype=cisco:network:router which need to be pointed to index=net sourcetype=cisco:network:switch.
Device names to be moved to index=net sourcetype=cisco:network:switch from index=net sourcetype=cisco:network:router:
xxxxxx03r
uxxxxx03r
xxxxxx03r
uxxxxx03r-vlan200
uxxxxx04r
uxxxxx04r
uxxxxx04r
cxxxxxx04r
Details of inputs.conf:
[monitor:///opt/syslogs/network/.../router.log*]
index=net
sourcetype=cisco:network:router
host_segment=4
[monitor:///opt/syslogs/network/.../switch.log*]
index=net
sourcetype=cisco:network:switch
host_segment=4
Kindly guide me on how to reconfigure the network devices to point to index=net sourcetype=cisco:network:switch instead of index=net sourcetype=cisco:network:router.
Thanks in advance.