eventtype search has wrong syntax

Kintyre / TA-postfix

Postfix Add-on for Splunk (Compliant with the Mail CIM model)

https://splunkbase.splunk.com/app/3347/

Apache License 2.0

11 stars 3 forks source link

eventtype search has wrong syntax #4

Closed atremar closed 7 years ago

atremar commented 7 years ago

_Invalid key in stanza [postfix_email] in /opt/splunk/etc/apps/TA-postfix/default/eventtypes.conf, line 2: sourcetype (value: postfixsyslog). Did you mean 'search'?

correct is: [postfix_email] search = sourcetype = postfix_syslog

Thank you, Meno

lowell80 commented 7 years ago

yes, this and other fixes are on a different branch. I'll look into merging it. Thanks for pointing this out.

lowell80 commented 7 years ago

Check out release the new v0.7 release.

https://github.com/Kintyre/TA-postfix/releases/tag/v0.7

atremar commented 7 years ago

still not fixed in v0.7 let me know if I can be of any help Thank you, Meno

lowell80 commented 7 years ago

Sorry. Found the fix in an already integrated branch, but somehow it got reverted. Trying this again. ;-)

v0.8

https://github.com/Kintyre/TA-postfix/releases/tag/v0.8