Add dynamic hostname field for local file source

Follow
Avatar
Giovanni Panepinto

Implement a way to dynamically determine the original hostname from a local file string expression.

IE if you are collecting logs from files in a local server that also acts as a remote syslog server the sumologic collector will use the actual logserver hostname as hostname field value for all the files even if the log entry contains a different hostname

Would be good to be able to dynamically setup the Hostname values when the file log source gets created based on the actual file content.

1

Comments

1 comment

Sort by Date Votes
  • Avatar
    Latimer Luis

    Hi Giovanni, 


    Some customers take the approach of parsing out their syslog events during ingest using our Field Extraction Rules. Oftentimes, they'll create a distinct rule to overwrite our _sourceHost metadata field with the name of the server found in the message itself. 

    The main drawback to this approach is that the extracted hostnames will not appear in the auto-complete list when typing in "_sourceHost=" in the query window. 

    Thanks,
    Latimer Luis
    Customer Success Manager

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post