Hi,
I want to add hostname or host IP to the head of each row before forwarding. Is it possible with transforms.conf?
Can a Splunk forwarder learn and set host info to any token so we can use it in conf files?
**Example raw log:**
06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas
**After transform:**
**HOSTNAME** 06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
**HOSTNAME** 06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas
or
**xx.xxx.xx.xx** 06-07-2016 14:44:18.878 +0300 INFO Blablabal - Msgmsgmsgmsgmsgm
**xx.xxx.xx.xx** 06-07-2016 14:44:20.754 +0300 WARN Blablsaeccl - Msgmsgm dasas
Thanks.