SmartThings events have a field named source (https://docs.smartthings.com/en/latest/ref-docs/event-ref.html#getsource). Currently, it is passed in to Splunk with the same name. However, looking at the data, I don’t really think it makes sense to do so. Instead, I would like to rename it to something like “stSource”, and let source be the default based on how the data arrives at Splunk (probably HEC).
For sourcetype, there was not one specified prior to my fork. I made it “http:smartthings” at first, but now I realize I am trying to stuff source and sourcetype into one field. So I will make it simply “smartthings”.