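# NOTE(review): this excerpt is a line-scrambled extraction of a props.conf
# fragment; the order below is preserved as found and should be confirmed
# against $SPLUNK_HOME/etc/apps/TA-nix/default/props.conf before reuse.
# OUTPUT overwrites any existing 'action' value with the lookup result, while
# OUTPUTNEW (next line) only fills 'change_type' when the event lacks one.
LOOKUP-action_for_fs_notification = endpoint_change_vendor_action_lookup vendor_action OUTPUT action
LOOKUP-change_type_for_fs_notification = fs_notification_change_type_lookup sourcetype OUTPUTNEW change_type
# Legacy change_type lookup to support ES 2.0.2
# Field aliases for conformance to Change_Analysis::Filesystem_Changes object
FIELDALIAS-file_acl_for_fs_notification = mode as file_acl
FIELDALIAS-file_hash_for_fs_notification = hash as file_hash
EVAL-file_modify_time = strptime(modtime, "%a %b %d %H:%M:%S %Y")
FIELDALIAS-file_name_for_fs_notification = object as file_name
FIELDALIAS-file_path_for_fs_notification = object_path as file_path
FIELDALIAS-file_size_for_fs_notification = size as file_size
REPORT-vendor_object_category_for_fs_notification = vendor_object_category_for_fs_notification
FIELDALIAS-vendor_action_for_fs_notification = action as vendor_action
FIELDALIAS-dest_for_fs_notification = host as dest
FIELDALIAS-user_for_fs_notification = uid as user
FIELDALIAS-object_attrs_for_fs_notification = chgs as object_attrs
REPORT-object_object_path_for_fs_notification = object_object_path_for_fs_notification
# Optional fields: object_id,object_attrs,user_type,msg,data,severity
# Required fields: action,dest,object,object_category,object_path,status,user
# The *_for_dhcpd settings below appear to belong to a different sourcetype
# stanza whose header is not part of this excerpt — confirm against the
# default props.conf.
REPORT-signature_for_dhcpd = signature_for_dhcpd
REPORT-dest_for_dhcpd = dest_nt_host_as_dest,dest_mac_as_dest,dest_ip_as_dest
REPORT-0dest_x_for_dhcpd = dest_kv_for_dhcpd_ack, dest_kv_for_dhcpd_ack2, dest_kv_for_dhcpd_discover, dest_kv_for_dhcpd_inform, dest_kv_for_dhcpd_nak, dest_kv_for_dhcpd_offer, dest_kv_for_dhcpd_request
# To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/TA-nix/default
# Please make all changes to files in $SPLUNK_HOME/etc/apps/TA-nix/local.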