Closed ghost closed 2 years ago
cc: @mateuszpierzchala-splunk The issue should be fixed now , Please be careful for following things:
i've been trying to redirect the probe log without success. I'm using "splunk_sc4s_probe,index,sc4s_logs" and a bunch of other things but it's not quite working. I'm using brand new v3.23.0 released just yesterday. What am I doing wrong?
The SC4S start-up HEC test outputs are sent to the sourcetype 'SC4S:probe' which by default goes to the main index.
The re-routing option to add the source key to splunk_metadata.csv, for example 'sc4s_probe,index,sectools' did not work, with the events just disappearing.