Fresh install on a test search head with version 7.3.3. All other extractions work, and dashboards populate.
Log example:
node=foo-master-1.bar.foobar.com type=SERVICE_START msg=audit(1575573930.805:2486026): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=serial-getty@ttyS0 comm="systemd" exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
In this case dest, dest host, host, and dvc all populate as test-auditd-foobar.foo.foobar.com.
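An added example, not part of the original post and not the app's own extraction logic: a Python parser for the record shown above, written on the assumption that the originating host should come from `node=` when it is present and fall back to the forwarding host otherwise. The names `parse_audit`, `parse_pairs` and `forwarder_host` are hypothetical.

```python
import re

# Constructed sample: the record quoted in the post above.
SAMPLE = ('node=foo-master-1.bar.foobar.com type=SERVICE_START '
          'msg=audit(1575573930.805:2486026): pid=1 uid=0 auid=4294967295 '
          'ses=4294967295 msg=\'unit=serial-getty@ttyS0 comm="systemd" '
          'exe="/lib/systemd/systemd" hostname=? addr=? terminal=? res=success\'')

# Record header: optional node=, then type= and the audit(epoch:serial) stamp.
HEADER = re.compile(r'^(?:node=(?P<node>\S+) )?type=(?P<type>\S+) '
                    r'msg=audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\): ?(?P<body>.*)$')
# key=value where the value is '...', "..." or a bare token.
PAIR = re.compile(r'''(\w+)=('[^']*'|"[^"]*"|\S+)''')
# auditd placeholders for "not set"; 4294967295 is (uint32)-1, an unset auid/ses.
UNSET = {'?', '4294967295', '(none)'}

def parse_pairs(text):
    """Return key/value pairs, unquoting values and mapping placeholders to None."""
    out = {}
    for key, val in PAIR.findall(text):
        if val[:1] in ('"', "'"):
            val = val[1:-1]
        out[key] = None if val in UNSET else val
    return out

def parse_audit(line, forwarder_host=None):
    """Parse one auditd record; host prefers node= over the forwarding host."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError('not an auditd record')
    body = m['body']
    # User-space records carry a second, single-quoted msg='...' with its own pairs.
    nested = re.search(r"\bmsg='([^']*)'", body)
    outer = body[:nested.start()] + body[nested.end():] if nested else body
    rec = parse_pairs(outer)
    if nested:
        rec.update(parse_pairs(nested.group(1)))
    rec.update(type=m['type'], epoch=float(m['epoch']), serial=int(m['serial']),
               node=m['node'], host=m['node'] or forwarder_host)
    return rec

if __name__ == '__main__':
    for k, v in parse_audit(SAMPLE, 'test-auditd-foobar.foo.foobar.com').items():
        print(f'{k}={v}')
```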