Open lowell80 opened 3 years ago
lowell80
commented
3 years ago I got some internal feedback / approval on this. I'll give this to the end of the week to see if there's any feedback/concern from anyone else who's contributed/commented on this project: @j-chia, @barrettnet, @Guitaraholic, @atremar, @rdelmotte
lowell80
commented
3 years ago Got a recommendation for using the name TA-postfix-for-splunk and postfix:syslog from alacercogitatus on Splunk's user slack. (This follows the vendor:tech:format sourcetype convention better, but I was concerned that it may cause some confusion because it's so similar, but looking for thoughts on the topic.)
lowell80
commented
2 years ago Update: Splunkbase was able to convert the app type from external to splunkbase-hosted, so that problem has been solved. Not it's just a matter of getting some time to tackle this.
We'd like to release this app on Splunkbase as a direct download rather than as an "externally hosted" app. Splunk doesn't allow us to just convert an existing app between these types, therefore we need to upload a new app.
Additionally, Splunk now frowns upon reusing an existing sourcetype name that ships with Splunk enterprise, see #10. So we have to change the sourcetype
postfix_syslogto something new. At the moment, I'm assuming that we also have to update the appid(folder name) to something new as well.We would move the existing "master" branch to a new branch representing the "NEW" version of the app, the existing branch would be kept for some time for anyone still on the older version. Each branch would have some clear instructions in the README explaining the situation (and linking to the other), and there would be some "upgrade" notes on how to migrate from the legacy version to the updated and Splunkbase-available version.
Here's what I'm thinking in terms of renaming stuff. Please provide feedback with any recommendations or gotchas.
TA-postifxTA-postfix2*Where * indicates a change.