Hi everyone,
I am trying to add a custom field on every events that coming from a Heavy-Forwarder, so that from search I can know which HF the evnets are going thru.
Here is my configuration in a HF:
props.conf:
[default]
TRANSFORMS-addHF = addHF
transforms.conf:
[addHF]
INGEST_EVAL = hf="my-hf-01"
fields.conf:
[hf]
INDEXED=true
So instead of hardcoding the hostname for every HF, I am trying to find a way to use an OS variable such as hostname in the INGEST_EVAL.
Any idea how to achieve this?
Many thanks.
S
↧