Describe the bug
When I set extendIndexes values in "sample1", it makes all the samples events being sent to that "extendIndexes". For example, when my "sample1" has "sourcetype=syslog, extendIndexes=test:3", and my "sample2" has "sourcetype=cisco, index=main". The result is that I saw "cisco, syslog" sourcetype from search index=test* SPL
To Reproduce
For example, when my "sample1" has "sourcetype=syslog, extendIndexes=test:3", and my "sample2" has "sourcetype=cisco, index=main". The result is that I saw "cisco, syslog" sourcetype from search index=test* SPL
Expected behavior
"extendIndexes" setting in one sample should only affect that sample, not all samples.
Actual behavior
"extendIndexes" setting in one sample affects all samples.
Screenshots
If applicable, add screenshots to help explain your problem.
Sample files and eventgen.conf file
Please attach your sample files and eventgen conf file
Do you run eventgen with SA-eventgen?
Yes/No(No means you run eventgen with pip module mode)
If you are using SA-Eventgen with Splunk (please complete the following information):
OS: [e.g. Windows/Mac OS 10.14]
Browser [e.g. chrome, safari]
Eventgen Version [e.g. 22]
Splunk Version[e.g. 7.1.3]
What other apps you have installed in Splunk etc/apps?
If you are using eventgen with pip module mode (please complete the following information):
python version: [e.g. 2.6]
OS: [e.g. Windows10]
Virtual Env is used: Yes/No
Eventgen Version [e.g. 6.3.2]
Additional context
Add any other context about the problem here.
Describe the bug When I set extendIndexes values in "sample1", it makes all the samples events being sent to that "extendIndexes". For example, when my "sample1" has "sourcetype=syslog, extendIndexes=test:3", and my "sample2" has "sourcetype=cisco, index=main". The result is that I saw "cisco, syslog" sourcetype from
search index=test*SPLTo Reproduce For example, when my "sample1" has "sourcetype=syslog, extendIndexes=test:3", and my "sample2" has "sourcetype=cisco, index=main". The result is that I saw "cisco, syslog" sourcetype from
search index=test*SPLExpected behavior "extendIndexes" setting in one sample should only affect that sample, not all samples.
Actual behavior "extendIndexes" setting in one sample affects all samples.
Screenshots If applicable, add screenshots to help explain your problem.
Sample files and eventgen.conf file Please attach your sample files and eventgen conf file
Do you run eventgen with SA-eventgen? Yes/No(No means you run eventgen with pip module mode)
If you are using SA-Eventgen with Splunk (please complete the following information):
If you are using eventgen with pip module mode (please complete the following information):
Additional context Add any other context about the problem here.