Jotne / MikroTik

MikroTik app for use with Splunk

request - change sourcetype to routeros #2

Closed nn-df closed 1 year ago

nn-df commented 1 year ago

Hello,

Is it possible to change the sourcetype to "routeros"?

Jotne commented 1 year ago

It can be done, but why change it? Does it crash with some other apps you have? To change it, we need to change it in transforms.conf as well as in all dashboards (39), saved searches, and some other places. And it would break the app for all data that has been saved over several years for some users, unless the dashboards are changed to use both the old and new sourcetype. So I would say it should stay with sourcetype=mikrotik.

nn-df commented 1 year ago

OK, thanks. I used the sourcetype "routeros" because of this: https://splunk.github.io/splunk-connect-for-syslog/main/sources/vendor/Mikrotik/routeros/. So to use this app, I need to change the sourcetype to "mikrotik", right?

Jotne commented 1 year ago

If you would like to use this MikroTik app, I do recommend that you change the sourcetype to mikrotik.

Jotne commented 1 year ago

Will break too much to be an easy fix.