Fix fqdn issues for nmon-logger

guilhemmarchand · Jul 29, 2017 · 5dccce3 · 5dccce3
1 parent 6f610c6
commit 5dccce3
Show file tree

Hide file tree

Showing 3 changed files with 56 additions and 1 deletion.
diff --git a/TA-nmon/default/props.conf_forWindows b/TA-nmon/default/props.conf_forWindows
@@ -648,3 +648,58 @@ TRANSFORMS-syslog = syslog-host
 
 # Rewrite sourcetype to standard nmon_clean
 TRANSFORMS-cleandata_fromsyslog = nmon_clean_fromsyslog_rewrite
+
+##############################################
+#			SPLUNK HEC (HTTP INPUT)
+##############################################
+
+# It is possible to forward nmon data over HTTP using the nmon-logger-hec package
+
+# the package is available at: https://github.com/guilhemmarchand/nmon-logger
+
+# In this scenario, the nmon-logger is deployed on servers, it produces the nmon data and stream directly
+# to your indexers using the Splunk HTTP input
+
+# This is "no Universal Forwarder" deployment scenario, which means the package is totally independent
+
+### nmon_data ###
+
+[nmon_data:fromhttp]
+SHOULD_LINEMERGE=false
+NO_BINARY_CHECK=true
+CHARSET=UTF-8
+TIME_FORMAT=%s
+TIME_PREFIX=timestamp="
+MAX_TIMESTAMP_LOOKAHEAD=26
+KV_MODE=auto
+
+# Rewrite host Metadata on a per event basis
+TRANSFORMS-http-host = http-host
+
+# Additional: In full extracted mode, we want 2 basic Nmon extracted at indexed time
+TRANSFORMS-nmon_data_kv_createindexed_time = nmon_data_kv_createindexed_OStype, nmon_data_kv_createindexed_type
+
+# Rewrite the source Metadata to manage search time extraction
+TRANSFORMS-perfdata_rewrite_meta = nmon_data_fromhttp_rewrite_host, nmon_data_fromhttp_rewrite_source, nmon_data_fromhttp_rewrite_sourcetype
+
+# For search heads, activate kvmode to auto for that source
+[source::perfdata:http]
+KV_MODE=auto
+
+### nmon_config ###
+
+[nmon_config:fromhttp]
+BREAK_ONLY_BEFORE=timestamp="
+MAX_EVENTS=100000
+NO_BINARY_CHECK=1
+SHOULD_LINEMERGE=true
+TIME_FORMAT=%s
+TIME_PREFIX=timestamp="
+TRUNCATE=0
+
+# Rewrite the source Metadata to manage search time extraction
+TRANSFORMS-configdata_rewrite_meta = nmon_config_fromhttp_rewrite_host, nmon_config_fromhttp_rewrite_source, nmon_config_fromhttp_rewrite_sourcetype
+
+# For search heads
+[source::configdata:http]
+KV_MODE=none
diff --git a/TA-nmon/default/transforms.conf b/TA-nmon/default/transforms.conf
@@ -172,7 +172,7 @@ FORMAT = sourcetype::nmon_data
 
 [nmon_config_fromhttp_rewrite_host]
 DEST_KEY = MetaData:Host
-REGEX = AAA,host,\"{0,}([a-zA-Z0-9\-\_\.]+)\"{0,}
+REGEX = host=\"{0,}([a-zA-Z0-9\-\_\.]+)\"{0,}
 FORMAT = host::$1
 
 # nmon_config source

diff --git a/TA-nmon_1327.tgz b/TA-nmon_1327.tgz