From 8afb24ac755f74bf3672e743e0f50ae4125ad5c0 Mon Sep 17 00:00:00 2001
From: zyphermonkey <zyphermonkey@gmail.com>
Date: Fri, 16 Aug 2024 14:32:06 -0400
Subject: [PATCH] add filter for junos perfmon events

---
 .../syslog/app-syslog-juniper_junos_unstructured.conf    | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/package/etc/conf.d/conflib/syslog/app-syslog-juniper_junos_unstructured.conf b/package/etc/conf.d/conflib/syslog/app-syslog-juniper_junos_unstructured.conf
index a229e46e28..9ff998dfc4 100644
--- a/package/etc/conf.d/conflib/syslog/app-syslog-juniper_junos_unstructured.conf
+++ b/package/etc/conf.d/conflib/syslog/app-syslog-juniper_junos_unstructured.conf
@@ -57,6 +57,14 @@ block parser app-syslog-juniper_junos_unstructured() {
                         sourcetype('juniper:junos:snmp')
                 );
             };
+        } elif (program('PERF_MON' type(string) flags(prefix)) and message('RTPERF_')) {
+            rewrite {
+                r_set_splunk_dest_update_v2(
+                        index('netops')
+                        class('perfmon')
+                        sourcetype('juniper:junos:perfmon')
+                );
+            };
         }
         else {
             rewrite {
@@ -81,6 +89,7 @@ application app-syslog-juniper_junos_unstructured-pgm[sc4s-syslog-pgm] {
         or program('ESWD_' type(string) flags(prefix))
         or program('mgd' type(string))
         or program('mcsnoopd' type(string))
+        or (program('PERF_MON' type(string)) and message('RTPERF_'))
         or (program('ifinfo' type(string)) and message('^PVIDB'))
         ;
     };