Title pretty self explanatory.
The files that I am indexing are having their host be determined by the directory in which they are located in. In my case, it is the system's hostname. For sourcetype, I would like to have it be the type of device (router, firewall, switch, etc). Is there a way to have the sourcetype dynamically be determined based off of the host? For an example, am I able to have a .cvs file with the host names and their desired sourcetypes? There are over 100 different hosts so manually importing them would be a bit of a hassle as it is done daily.
Any help would be appreciated!
↧