I am working with a heavy forwarder tier that is running syslog where network devices are sending data. For ease of tracking where each file is being monitored from, I would like to add some metadata to the monitored files, that includes the heavy forwarder they are being collected from (this tier is load balanced so the data could land on any number of hosts).
I have tried adding _meta = hvy_fwd::$HOSTNAME and that does not appear to be doing the trick.
Example monitoring stanza:
[monitor:///var/log/remote/my_network_device]
index = network
sourcetype = mysourcetype
ignoreOlderThan = 1d
disabled = false
host_segment = 4
blacklist = \.(gz|tgz|xz|\d{1})$
_meta = heavy_forwarder::$HOSTNAME
Any help would be greatly appreciated.
↧