I am trying to get the output from a python script to indexer. So i added transforms.conf and props.conf under C:\Program Files\SplunkUniversalForwarder\etc\system\local
transforms.conf
[myexternaltable]
REGEX = (.)
external_cmd = addnum.py $1
DEST_KEY = queue
FORMAT = indexQueue
props.conf
[sitescope_daily2_log]
TRANSFORMS-runscript=myexternaltable
But its not working, can anyone please help me with correct settings needs to be done on UF.
Thanks,
Niloo
↧