Hello,
I need to split the OS logs from the Apache and Tomcat logs.
For this I need to send OS logs to a specific index.
My issue is that my host is sending the logs directly to Splunk through UDP. I don't use a Splunk forwarder for this host.
So is there a way to configure a filter based on "process" or sourcetype in order to send OS logs to another index?
Regards,