Splunk Message parsing


#1 MB_318874

Hello,

After looking on the community forum, I didn't really get the answer I was seeking.

I'm sending Windows logs to syslog and to Splunk.

I have some issues parsing the Message part, as you can see: https://cdn.discordapp.com/attachments/700242491227635714/766300884971159562/unknown.png

This is my conf: https://cdn.discordapp.com/attachments/700242491227635714/766301478897451048/unknown.png https://cdn.discordapp.com/attachments/700242491227635714/766301597541335060/unknown.png

Maybe this is not the right way to do it; I have to send it as syslog because I'm then sending it on to Elasticsearch and Splunk.

Thank you for your help :)

#2 rafDeactivated Nxlog ✓

Hi,

It would be easier to debug your config if you pasted it as text - the forum supports markdown. A config file as a two-part screenshot isn't convenient to analyze ;)

Also, I'm not sure what the problem is. You've posted a screenshot, but letting us know what you expected would help with suggesting a solution. In other words - what's the question?

Best,

Rafal