Data power¶
| Ref | Link |
|---|---|
| Splunk Add-on | https://splunkbase.splunk.com/app/4662/ |
Sourcetypes¶
| sourcetype | notes |
|---|---|
| ibm:datapower:syslog | Common sourcetype |
| ibm:datapower:* | * is taken from the event sourcetype |
Index Configuration¶
| key | source | index | notes |
|---|---|---|---|
| ibm_datapower | na | inifraops | none |
Parser Configuration¶
Parser configuration is conditional only required if additional events are produced by the device that do not match the default configuration.
#/opt/sc4s/local/config/app-parsers/app-vps-ibm_datapower.conf
#File name provided is a suggestion it must be globally unique
application app-vps-test-ibm_datapower[sc4s-vps] {
filter {
host("^test-ibmdp-")
};
parser {
p_set_netsource_fields(
vendor('ibm')
product('datapower')
);
};
};