The Splunk Metadata process is used to add metadata when sending data to Splunk using a TCP/IP client. This metadata controls Splunk’s indexing process.
If ProcessType is set to SplunkMetaData, a parent field named SplunkMetaDataConfiguration must be populated with these Mandatory fields:
|
Example Splunk Metadata Process File
An example of a Process configuration file that adds Splunk meta data and sends the results to a Target. The records will be sent to the “smf030” index with the Splunk default fields source type and source being added to each record with the values “SyncsortMF” and “mainframe” respectively.
{
"Name": "SMF030SplunkMetadata",
"Id": "4b205b49-970b-4e84-ad13-28c0ffdf7be3",
"SplunkMetaDataConfiguration": {
"SourceType": "SyncsortMF",
"Source": "mainframe",
"Index": "smf030",
},
"ProcessType": "SplunkMetaData"
}