Hi,
I have recently started building apps on Splunk. I am monitoring a log file on the UF, containing logs from various applications, and trying to fetch the specific alert logs containing "VERITAS-COMMAND-CENTRAL-MIB". Below are the files I have configured for the requirement. The issue is that **the logs are getting tagged with a different sourcetype (snmptrapd) instead of the intended one (st_netbackup)**. Both my Splunk Enterprise and UF are on version 7.1.4.
### inputs.conf
[monitor:///var/log/snmptrapd.log]
disabled = 0
index = acn_backup_netbackup_tier1_idx
#index = main
host = XX.XX.XX.XX
### System level outputs.conf
[tcpout:acn-dev1-route-group]
server = xx.xx.xx.xx:9997
### props.conf
[source::/var/log/snmptrapd.log]
description = Netbackup log file
TRANSFORMS-set = removeNETSNMPHeader,removeOther
TRANSFORMS-route = parseNetbackup
SEDCMD-community = s/community (\w+)/community *****/g
BREAK_ONLY_BEFORE = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
TIME_FORMAT = %Y-%m-%d %T
TRANSFORMS-customsourcetype = st_netbackup
### transforms.conf
[st_netbackup]
REGEX = (!?)VERITAS\-COMMAND\-CENTRAL\-MIB
DEST_KEY = MetaData:Sourcetype
FORMAT = st_netbackup
[removeNETSNMPHeader]
REGEX = NET-SNMP version*
DEST_KEY = queue
FORMAT = nullQueue
[removeOther]
REGEX = (.)
DEST_KEY = queue
FORMAT = nullQueue
[parseNetbackup]
REGEX = (!?)VERITAS\-COMMAND\-CENTRAL\-MIB
DEST_KEY = _TCP_ROUTING
FORMAT = acn-dev1-route-group
Below is the log format as received on the desired index (IP addresses masked). It would be great to hear any suggestions here.
2020-01-14 04:15:27 ip-xx.xx.xx.xx.ec2.internal [UDP: [xx.xx.xx.xx]:53318->[xx.xx.xx.xx]:162]:
DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (753481) 2:05:34.81 SNMPv2-MIB::snmpTrapOID.0 = OID: VERITAS-COMMAND-CENTRAL-MIB::ccError VERITAS-COMMAND-CENTRAL-MIB::alertRecipients = STRING: Splunk Dev VERITAS-COMMAND-CENTRAL-MIB::alertSummary = STRING: 27 Clear Connections To Media Server ec2amaz-akg3cqb Lost VERITAS-COMMAND-CENTRAL-MIB::alertDescription = STRING: Lost contact with media server VERITAS-COMMAND-CENTRAL-MIB::policyName = STRING: Lost Contact with Media Server VERITAS-COMMAND-CENTRAL-MIB::objectType = STRING: VERITAS-COMMAND-CENTRAL-MIB::collectorName = STRING: VERITAS-COMMAND-CENTRAL-MIB::ccHost = STRING: EC2AMAZ-AKG3CQB VERITAS-COMMAND-CENTRAL-MIB::sourceId = STRING: EC2AMAZ-AKG3CQB VERITAS-COMMAND-CENTRAL-MIB::ccObject = STRING: VERITAS-COMMAND-CENTRAL-MIB::sampleData = STRING: VERITAS-COMMAND-CENTRAL-MIB::ccAlertSeverity = STRING: Major VERITAS-COMMAND-CENTRAL-MIB::ccAlertTime = STRING: Tue Jan 14 04:15:27 UTC 2020
host = xx.xx.xx.xx | source = /var/log/snmptrapd.log | sourcetype = snmptrapd
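To reason about what the posted props.conf and transforms.conf would actually do to this event, the following is a small Python model of Splunk's index-time transform evaluation. It is an added example written for this page, not code from the question or from Splunk. It assumes the documented behaviour that a transform's REGEX is matched against _raw by default, that multiple TRANSFORMS-<class> settings in one stanza are evaluated in ASCII order of <class> (here: customsourcetype, route, set) with list order inside each class, and that the event starts with the sourcetype the question shows (snmptrapd). The NET-SNMP startup line is constructed, and the KEEP_* dictionaries are my suggested alternative (the standard setnull/setparsing filtering pattern with numbered class names to force evaluation order), not something from the post.

```python
import re

# Trimmed copy of the sample event in the question (IPs masked as in the post).
SAMPLE_EVENT = (
    "2020-01-14 04:15:27 ip-xx.xx.xx.xx.ec2.internal "
    "[UDP: [xx.xx.xx.xx]:53318->[xx.xx.xx.xx]:162]:\n"
    "DISMAN-EVENT-MIB::sysUpTimeInstance = Timeticks: (753481) 2:05:34.81 "
    "SNMPv2-MIB::snmpTrapOID.0 = OID: VERITAS-COMMAND-CENTRAL-MIB::ccError "
    "VERITAS-COMMAND-CENTRAL-MIB::ccAlertSeverity = STRING: Major"
)
# Constructed (not from the post): the kind of line snmptrapd writes when it starts.
HEADER_EVENT = "NET-SNMP version 5.7.2 started"

# transforms.conf stanzas exactly as posted: name -> (REGEX, DEST_KEY, FORMAT)
TRANSFORMS = {
    "st_netbackup": (r"(!?)VERITAS\-COMMAND\-CENTRAL\-MIB", "MetaData:Sourcetype", "st_netbackup"),
    "removeNETSNMPHeader": (r"NET-SNMP version*", "queue", "nullQueue"),
    "removeOther": (r"(.)", "queue", "nullQueue"),
    "parseNetbackup": (r"(!?)VERITAS\-COMMAND\-CENTRAL\-MIB", "_TCP_ROUTING", "acn-dev1-route-group"),
}

# TRANSFORMS-<class> settings from the posted [source::/var/log/snmptrapd.log] stanza.
POSTED_PROPS = {
    "set": ["removeNETSNMPHeader", "removeOther"],
    "route": ["parseNetbackup"],
    "customsourcetype": ["st_netbackup"],
}

# Suggested alternative (hypothetical, mine): discard everything, then put the
# Veritas traps back into the index queue, then retag and route them. The numeric
# prefixes pin the ASCII evaluation order of the classes.
KEEP_TRANSFORMS = {
    **TRANSFORMS,
    "setnull": (r".", "queue", "nullQueue"),
    "setparsing": (r"VERITAS-COMMAND-CENTRAL-MIB", "queue", "indexQueue"),
}
KEEP_PROPS = {
    "0_filter": ["setnull", "setparsing"],
    "1_sourcetype": ["st_netbackup"],
    "2_route": ["parseNetbackup"],
}


def apply_transforms(raw, props=POSTED_PROPS, transforms=TRANSFORMS, auto_sourcetype="snmptrapd"):
    """Model one event passing through index-time TRANSFORMS.

    - classes are evaluated in ASCII order of <class>, list order within a class
    - each REGEX is searched in _raw; a match writes FORMAT into DEST_KEY
    - a later matching transform overwrites an earlier one for the same key
    Returns the resulting metadata plus the names of the transforms that matched.
    """
    meta = {"sourcetype": auto_sourcetype, "queue": "indexQueue", "_TCP_ROUTING": None, "trace": []}
    for cls in sorted(props):
        for name in props[cls]:
            regex, dest_key, fmt = transforms[name]
            if not re.search(regex, raw):
                continue
            meta["trace"].append(name)
            if dest_key == "MetaData:Sourcetype":
                meta["sourcetype"] = fmt
            elif dest_key == "queue":
                meta["queue"] = fmt
            elif dest_key == "_TCP_ROUTING":
                meta["_TCP_ROUTING"] = fmt
    return meta


if __name__ == "__main__":
    for label, props, transforms in (("posted", POSTED_PROPS, TRANSFORMS),
                                     ("suggested", KEEP_PROPS, KEEP_TRANSFORMS)):
        for event in (SAMPLE_EVENT, HEADER_EVENT):
            result = apply_transforms(event, props, transforms)
            print(label, repr(event[:24]), {k: v for k, v in result.items()})
```

With the posted configuration the model retags the Veritas trap as st_netbackup and routes it, and then removeOther, whose REGEX `(.)` matches any event, sends it to nullQueue; every event is dropped. The events in the question instead reach the index with their original sourcetype, which is what you would see if this props/transforms pair were not being evaluated by the tier that parses the data at all: a universal forwarder does not run REGEX-based TRANSFORMS, so these stanzas need to live on the indexer or heavy forwarder that receives the 9997 stream. Line breaking and timestamp extraction have already happened by the time transforms run, so BREAK_ONLY_BEFORE and TIME_FORMAT should stay in the source stanza, as they are in the post.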