I am trying to change the host name. the name is from the log files.
Sep 20 11:13:18 10.50.3.100 Sep 20 11:13:15 ac.dc1.buttercomom.com ASM:
the host name is always before ASM:
I tried to change it through transforms.conf but host name is not changing.below is my transforms.conf file
transforms.conf
[host_name]
SOURCE_KEY = _raw
REGEX = \s(\w+.\w+.\w+.\w+) ASM:$
FORMAT = host::$1
DEST_KEY = MetaData:Host
props.conf
[f5xxx]
DATETIME_CONFIG =
NO_BINARY_CHECK = true
TIME_PREFIX = x0x.xx.x.xx
category = Custom
pulldown_type = true
TRANSFORMS-register = host_name
How can i change the host name
secondly, if suppose there is problem in my regex, how can I identity that there is a problem with my regex. any clue from log file ?
↧