Hi all,
In short - how can I change the formatting on the event logs going to a syslog server?
In detail -
I have configured my cluster to send event logs to Splunk.
Splunk sees the hostname as cluster nodename + event message name.
And if you look at how packages are being sent from NetApp, the syslog package is created this way.
I don't know the reason for this, but I could not change it. And this way it is creating for each event on each node a new 'host' entry on Splunk, which ends up with 100x new non-existing nodes.
I want to be able to modify the syslog event like:
hostname = name of the node
ident = message name
message = message text