fix: internal log sourcetype

splunk · Aug 9, 2021 · 047005d · 047005d
1 parent 6ae1bdd
commit 047005d
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 6 deletions.
diff --git a/package/default/data/ui/views/health.xml b/package/default/data/ui/views/health.xml
@@ -5,7 +5,7 @@
       <title>MMDB Status</title>
       <table>
         <search>
-          <query>index=_internal sourcetype="seckitsageolocation:log" mmdb=* | stats latest(size) as size latest(mtime) as mtime by mmdb</query>
+          <query>index=_internal sourcetype="SecKit_SA_geolocation:log" mmdb=* | stats latest(size) as size latest(mtime) as mtime by mmdb</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <sampleRatio>1</sampleRatio>

diff --git a/package/default/props.conf b/package/default/props.conf
@@ -7,10 +7,9 @@ SHOULD_LINEMERGE = 0
 category = Splunk App Add-on Builder
 pulldown_type = 1
 
-[source::...\/SecKit_SA_geolocation*.log*]
-sourcetype = seckitsageolocation:log
-SHOULD_LINEMERGE = 0
-LINE_BREAKER = ([\r\n]+)\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d 
+[source::...[\\/]SecKit_SA_geolocation*.log*]
+sourcetype = SecKit_SA_geolocation:log
 
-[seckitsageolocation:log]
+[SecKit_SA_geolocation:log]
 SHOULD_LINEMERGE = 0
+LINE_BREAKER = ([\r\n]+)\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d