All other events get routed to the default group, everythingElseGroup. SyslogGroup and errorGroup receive events according to the rules specified in nf. Edit $SPLUNK_HOME/etc/system/local/nf to define the target groups. Therefore, only non-syslog events get inspected for errors. Those settings dictated that all syslog events should be filtered through the syslogRouting transform, while all non-syslog (default) events should be filtered through the errorRouting transform. This is due to the settings you previously specified in nf. In this example, if a syslog event contains the word "error", it routes to syslogGroup, not errorGroup. Edit $SPLUNK_HOME/etc/system/local/nf to set the routing rules for each routing transform. Edit $SPLUNK_HOME/etc/system/local/nf in $SPLUNK_HOME/etc/system/local to set two TRANSFORMS-routing settings: one for syslog data and a default for all other data. On the instance that is to do the routing, open a command or shell prompt. All other events to a default target group.