My SourceName has r-container-name-containerID

[mhobotpplnet]

Not sure how all this ties together but for example my ingested logs show

_sourceName as

 r-consul-registrator-consul-registrator-consul-8-9566fbb7 

I do not have any source.json or anywhere in the files specifying that a sourceName should be named like that.

Where is sourcename defined or how can I define/change a sourcename metadata?

[mhobotpplnet]

I found out where this came from. its from docker it self

curl --unix-socket /var/run/docker.sock http://localhost/events

if you run that you will see, r-name-name-somenumber..

Now I need to figure out how to parse something else than the name:"r-containerName"

[mhobotpplnet]

I fixed this issue via sumo extraction field (not really ideal, but those are my options I guess)