メインコンテンツまでスキップ

Transforms

collection = <string>

Name of the collection to use for this lookup.
Collection should be defined in $SPLUNK_HOME/etc/<app_name>/collections.conf
for some <app_name>
If collection is in multiple collections.conf file, no layering is done.
Standard conf file precedence is used to disambiguate.
Defaults to empty string (in which case the name of the stanza is used).

lookupとして用いるcollectionを指定する。

fields_list = <string>

A comma- and space-delimited list of all fields that are supported by the
external command.

transformsで用いるフィールドのリスト

external_type = [python|executable|kvstore|geo|geo_hex]

This setting describes the external lookup type.
Use 'python' for external lookups that use a python script.
Use 'executable' for external lookups that use a binary executable, such as a
C++ executable.
Use 'kvstore' for KV store lookups.
Use 'geo' for geospatial lookups.
'geo_hex' is reserved for the geo_hex H3 lookup.
Default: python

lookupとして用いる外部ファイルを定義する。

collection = <string>
fields_list = <string>
external_type = [python|executable|kvstore|geo|geo_hex]