In a passthru route, Stream is adding the Cribl Worker ip address into the host field before sending to Splunk. How that can be avoided? This fields already comes from the source with different values.
Solved
Remove Cribl Worker host field from message
Best answer by Eugene Katz
Is your source is syslog? Cribl will parse the syslog header and extract the host field. If youre looking for the ip of the sender, you can find that in __srcIpPort.
Is your source is syslog? Cribl will parse the syslog header and extract the host field. If youre looking for the ip of the sender, you can find that in __srcIpPort.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.