I have the following configuration for filtering the data coming from X udp port data input to an index that's being already created:
props.conf
[source::udp:X]
TRANSFORMS-new_index= route_index
transforms.conf
[route_index]
REGEX = ^"ip_add"$
DEST_KEY = _MetaData:Index
FORMAT = new_index
I know I'm almost there, but why it isn't working how it is supposed to?
Thanks!
↧