Deployement_Server_old/apps/splunk_secure_gateway/default/props.conf

[source::.../var/log/splunk/splunk_secure_gateway*.log]
sourcetype = secure_gateway_app_internal_log

[secure_gateway_app_internal_log]
description = Splunk App Secure Gateway Internal Log
MAX_TIMESTAMP_LOOKAHEAD = 23
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%d %H:%M:%S,%3N
SHOULD_LINEMERGE = true
ANNOTATE_PUNCT = false
NO_BINARY_CHECK = true
EXTRACT-log_level,app_name,module_name,function_name,process_id = ^(?:[^ \n]* ){2}(?P<log_level>[^ ]+)\s+\[(?P<app_name>[^\]]+)[^\[\n]*\[(?P<module_name>[^\]]+)[^ \n]* \[(?P<function_name>\w+)\]\s+\[(?P<process_id>[^\]]+)