In a passthru route, Stream is adding the Cribl Worker ip address into the host field before sending to Splunk. How that can be avoided? This fields already comes from the source with different values.
Page 1 / 1
Is your source is syslog? Cribl will parse the syslog header and extract the host field. If youre looking for the ip of the sender, you can find that in __srcIpPort.
Reply
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.