From 09c46e6f1f21440337d3e70e2b254120a89d5127 Mon Sep 17 00:00:00 2001
From: admingit <jocelyn.pamphile@businessdecision.com>
Date: Wed, 15 Nov 2023 17:58:23 +0100
Subject: [PATCH] addTA

---
 deployment-apps/Splunk_TA_api-renault/local/props.conf      | 2 ++
 deployment-apps/Splunk_TA_api-renault/local/transforms.conf | 3 +++
 2 files changed, 5 insertions(+)
 create mode 100644 deployment-apps/Splunk_TA_api-renault/local/props.conf
 create mode 100644 deployment-apps/Splunk_TA_api-renault/local/transforms.conf

diff --git a/deployment-apps/Splunk_TA_api-renault/local/props.conf b/deployment-apps/Splunk_TA_api-renault/local/props.conf
new file mode 100644
index 00000000..50da2beb
--- /dev/null
+++ b/deployment-apps/Splunk_TA_api-renault/local/props.conf
@@ -0,0 +1,2 @@
+[_json]
+TRANSFORMS-set=json_transform
\ No newline at end of file
diff --git a/deployment-apps/Splunk_TA_api-renault/local/transforms.conf b/deployment-apps/Splunk_TA_api-renault/local/transforms.conf
new file mode 100644
index 00000000..74643a3e
--- /dev/null
+++ b/deployment-apps/Splunk_TA_api-renault/local/transforms.conf
@@ -0,0 +1,3 @@
+[extract-fields]
+REGEX = \{\"(?<json_data>[^\"]+)\"\}
+FORMAT = $1::$json_data
\ No newline at end of file