Hi, i have a setup where a packet broker is sending multiple data streams to a universal forwarder.
I need to understand if the traffic is tagged somehow from a particular source (replay a pcap file through packet broker), can I use inputs.conf with the tagged 'field' that will hopefully show a difference so i can send to a specific index or do i need to use props / transforms / outputs?
thanks in advance
Damindra
↧