Hi,
I have two different types of logs, performance logs and alert logs.
For performance logs, I have a folder structure as follows:
\Splunk\etc\apps\myApp\logs\log_sample\host1\gn1*.cvs
\Splunk\etc\apps\myApp\logs\log_sample\host2\gn2*.cvs
\Splunk\etc\apps\myApp\logs\log_sample\host3\gn3*.cvs
Here, host1, host2, and host3 are my host names.
I managed to extract the above host names using "host_segment" in inputs.conf.
Now, for alert logs I have the directory structure below:
\Splunk\etc\apps\myApp\logs\AlertLogs*.csv
For all these alert logs I need a static hostname, say "alert".
How can I configure inputs.conf to handle the above situation?
Regards,
S.