From 2f87a78c5aa6db280bcf96cf074c41256316ea4a Mon Sep 17 00:00:00 2001
From: admingit
Date: Mon, 20 Nov 2023 10:17:47 +0100
Subject: [PATCH] addTAlinky
---
deployment-apps/Splunk_TA_linky/local/app.conf | 1 +
deployment-apps/Splunk_TA_linky/local/props.conf | 3 +++
deployment-apps/Splunk_TA_linky/local/transforms.conf | 4 ++++
3 files changed, 8 insertions(+)
create mode 100644 deployment-apps/Splunk_TA_linky/local/app.conf
create mode 100644 deployment-apps/Splunk_TA_linky/local/props.conf
create mode 100644 deployment-apps/Splunk_TA_linky/local/transforms.conf
diff --git a/deployment-apps/Splunk_TA_linky/local/app.conf b/deployment-apps/Splunk_TA_linky/local/app.conf
new file mode 100644
index 00000000..1173ea8c
--- /dev/null
+++ b/deployment-apps/Splunk_TA_linky/local/app.conf
@@ -0,0 +1 @@
+# Autogenerated file
\ No newline at end of file
diff --git a/deployment-apps/Splunk_TA_linky/local/props.conf b/deployment-apps/Splunk_TA_linky/local/props.conf
new file mode 100644
index 00000000..8dd2204b
--- /dev/null
+++ b/deployment-apps/Splunk_TA_linky/local/props.conf
@@ -0,0 +1,3 @@
+[json]
+KV_MODE = json
+TRANSFORMS-extract_json = extract_json_fields
\ No newline at end of file
diff --git a/deployment-apps/Splunk_TA_linky/local/transforms.conf b/deployment-apps/Splunk_TA_linky/local/transforms.conf
new file mode 100644
index 00000000..27a84fd6
--- /dev/null
+++ b/deployment-apps/Splunk_TA_linky/local/transforms.conf
@@ -0,0 +1,4 @@
+[extract_json_fields]
+REGEX = \"(?[^\"]+)\":\s?\"(?[^\"]+)\"
+FORMAT = $1::$2
+WRITE_META = true
\ No newline at end of file
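Review bot: The `[json]` stanza in props.conf is keyed on the generic sourcetype name, so both settings apply to every event of sourcetype `json` on the instances this deployment app reaches, not only to Linky data (whether other inputs use that sourcetype is not visible here). It also pairs an index-time `TRANSFORMS-extract_json` with search-time `KV_MODE = json`, which usually makes the same keys show up twice in search results and grows the index for no gain. I would scope the stanza to a dedicated sourcetype, e.g. `[<linky_sourcetype>]` (placeholder), and keep only `KV_MODE = json` unless an indexed field is really required. A one-line comment above the stanza naming the input that feeds it would help whoever audits the parsing later.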
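Review bot: In `[extract_json_fields]`, `FORMAT = $1::$2` together with `WRITE_META = true` lets the event content choose the names of indexed fields, so anyone able to send data into this sourcetype can create arbitrary indexed fields, including names that searches and alerts may already rely on. Prefer an allow-list of keys in the first group, e.g. `REGEX = \"(<key_a>|<key_b>)\":\s?\"([^\"]+)\"` (placeholder key names). Without `REPEAT_MATCH = true` only the first pair in each event is written, and unquoted values such as numbers are never matched. As printed here the groups read `(?[^\"]+)`, which is not valid PCRE; presumably the named-group brackets were lost in rendering, and plain groups are enough since FORMAT uses `$1`/`$2`.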