Template Variables

View thread

Mr. J

When sending data to InsightIDR, you have to specify a unique port for each data source.  For example, on an AD DC, you need a unique port for security event logs, DNS logs, and DHCP logs.  As it currently appears, I would need a template or individual configuration on each system. To optimize/simplify this, is it possible to use FIELDS and PATTERNS in templates?  e.g. DC1_SecLog=<port 1000>, DC1_DNS=<port 1001>.  In the template reference a FIELD/PATTERN based on the agent info like hostname and/or tags?  

Just looking for a way to minimize the number of templates I have to manage.