
## Parsing rules for ITSI's own log files under .../var/log/splunk/itsi*.
## (/|\\) in the source pattern accepts either a forward slash or a backslash
## as the path separator.
[source::...(/|\\)var(/|\\)log(/|\\)splunk(/|\\)itsi*]
## The timestamp is expected at the very start of each event.
TIME_PREFIX=^
## Date, time, comma, milliseconds, then UTC offset.
TIME_FORMAT=%Y-%m-%d %H:%M:%S,%3N%z
## Break events at newlines that are followed by a YYYY-MM-DD date; only the
## captured newline run is discarded, the date starts the next event.
LINE_BREAKER =([\r\n]+)\d{4}-\d{2}-\d{2}\s
## Rely on LINE_BREAKER alone; do not re-merge lines afterwards.
SHOULD_LINEMERGE = false
## Maximum event length in bytes; anything longer is cut off at this limit.
TRUNCATE = 100000
## Only look this many characters past TIME_PREFIX for the timestamp.
MAX_TIMESTAMP_LOOKAHEAD = 29
## Matching sources are assigned this sourcetype.
sourcetype = itsi_internal_log
## Search-time field extractions. All three are anchored at the start of the
## event and use negated character classes.
## component: text inside the first [...] on the first line.
EXTRACT-component = ^[^\[\n]*\[(?P<component>[^\]]+)
## sub_component: text inside the next [...] after the first closing bracket,
## up to a ':' or ']'.
EXTRACT-sub_component = ^[^\]\n]*\]\s+\[(?P<sub_component>[^:\]]+)
## log_level: the word immediately before the first '['.
EXTRACT-log_level = ^[^\[\n]*\s+(?P<log_level>(?:\w+))\s+\[
## Declares the sourcetype assigned by the itsi* source stanza in this file;
## only a description is set here.
[itsi_internal_log]
description = ITSI Internal Log
## Summary metrics arrive as CSV and are parsed into fields at index time.
[itsi_summary:metrics]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = csv
## Notable events: JSON parsed into fields at index time.
[itsi_notable:event]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = JSON
## Maximum event length in bytes. An event cut at this limit is no longer
## complete JSON, so watch for truncation warnings on this sourcetype.
TRUNCATE=100000
## Notable event groups: JSON parsed into fields at index time.
[itsi_notable:group]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = JSON
## Maximum event length in bytes; longer events are cut off at this limit.
TRUNCATE=100000
## Notable event audit records: JSON parsed into fields at index time.
[itsi_notable:audit]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = JSON
## Maximum event length in bytes. A record cut at this limit loses its tail
## and is no longer complete JSON, which matters for an audit trail.
TRUNCATE=100000
## Archived notable events: JSON parsed into fields at index time.
## NOTE(review): unlike the other itsi_notable:* stanzas in this file, no
## TRUNCATE is set here, so the inherited/default limit applies (Splunk's
## built-in default is 10000 bytes). Confirm this is intended and that
## archived events cannot exceed it.
[itsi_notable:archive]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = JSON
## Notable event comments: JSON parsed into fields at index time.
[itsi_notable:comment]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
INDEXED_EXTRACTIONS = JSON
## Maximum event length in bytes; longer events are cut off at this limit.
TRUNCATE=100000
## Declares the sourcetype with a description only; no parsing or extraction
## settings are overridden in this stanza.
[itsi_im_metrics]
description = For ITSI IM metrics.
## For the data collected by VMware Metrics TA
## Datastore inventory data.
[vmware_inframon:inv:datastore]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Host system inventory data.
[vmware_inframon:inv:hostsystem]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Virtual machine inventory data.
[vmware_inframon:inv:vm]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Cluster compute resource inventory data.
[vmware_inframon:inv:clustercomputeresource]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Task data.
[vmware_inframon:tasks]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Event data.
[vmware_inframon:events]
## Turn off automatic search-time key/value extraction for this sourcetype.
KV_MODE = none
## Hierarchy agent logs.
[ta_vmware_hierarchy_agent]
## Search-time extraction via the hydra_logger_fields transform, which is
## defined in transforms.conf (not shown in this file).
REPORT-hydraloggerfields = hydra_logger_fields
## Original from SA-Hydra
## Hydra scheduler logs.
[hydra_scheduler]
## Search-time extraction via the hydra_scheduler_log_fields transform, which
## is defined in transforms.conf (not shown in this file).
REPORT-schedulerfields = hydra_scheduler_log_fields
## Hydra worker logs. Both transforms are defined in transforms.conf (not
## shown in this file).
[hydra_worker]
REPORT-workerfields = hydra_worker_log_fields
## Same class name and transform as the *_configuration.log source stanza in
## this file.
REPORT-pool_name_field = pool_name_field_extraction
## Applies the pool-name extraction to any *_configuration.log under
## .../var/log/splunk/, whatever its sourcetype.
## NOTE(review): this pattern matches '/' separators only, while the itsi*
## source stanza in this file also accepts '\'. Confirm whether sources with
## Windows-style paths need to match here as well.
[source::.../var/log/splunk/*_configuration.log]
## Transform is defined in transforms.conf (not shown in this file).
REPORT-pool_name_field = pool_name_field_extraction
## Hydra gateway logs.
[hydra_gateway]
## Search-time extraction via the hydra_gateway_log_fields transform, which is
## defined in transforms.conf (not shown in this file).
REPORT-gatewayfields = hydra_gateway_log_fields
## Hydra access logs.
[hydra_access]
## Search-time extraction via the hydra_access_log_fields transform, which is
## defined in transforms.conf (not shown in this file).
## NOTE(review): the class name "gatewayfields" is the same one used under
## [hydra_gateway]; presumably harmless because the two stanzas are separate
## sourcetypes, but the name does not describe the access-log transform.
REPORT-gatewayfields = hydra_access_log_fields