From 047005dcadd45a2704fe50e4bd71dd98612a8ebd Mon Sep 17 00:00:00 2001
From: rfaircloth-splunk <rfaircloth@splunk.com>
Date: Mon, 9 Aug 2021 16:44:03 -0400
Subject: [PATCH] fix: internal log sourcetype

---
 package/default/data/ui/views/health.xml | 2 +-
 package/default/props.conf               | 9 ++++-----
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/package/default/data/ui/views/health.xml b/package/default/data/ui/views/health.xml
index 67a8cbb8..e319fee6 100644
--- a/package/default/data/ui/views/health.xml
+++ b/package/default/data/ui/views/health.xml
@@ -5,7 +5,7 @@
       <title>MMDB Status</title>
       <table>
         <search>
-          <query>index=_internal sourcetype="seckitsageolocation:log" mmdb=* | stats latest(size) as size latest(mtime) as mtime by mmdb</query>
+          <query>index=_internal sourcetype="SecKit_SA_geolocation:log" mmdb=* | stats latest(size) as size latest(mtime) as mtime by mmdb</query>
           <earliest>-24h@h</earliest>
           <latest>now</latest>
           <sampleRatio>1</sampleRatio>
diff --git a/package/default/props.conf b/package/default/props.conf
index f2048eb3..9c954e83 100644
--- a/package/default/props.conf
+++ b/package/default/props.conf
@@ -7,10 +7,9 @@ SHOULD_LINEMERGE = 0
 category = Splunk App Add-on Builder
 pulldown_type = 1
 
-[source::...\/SecKit_SA_geolocation*.log*]
-sourcetype = seckitsageolocation:log
-SHOULD_LINEMERGE = 0
-LINE_BREAKER = ([\r\n]+)\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d 
+[source::...[\\/]SecKit_SA_geolocation*.log*]
+sourcetype = SecKit_SA_geolocation:log
 
-[seckitsageolocation:log]
+[SecKit_SA_geolocation:log]
 SHOULD_LINEMERGE = 0
+LINE_BREAKER = ([\r\n]+)\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d,\d\d\d
\ No newline at end of file