splunk-connect-for-syslog
Splunk Connect for Syslog
As part of an upgrade, during regression testing of Citrix, found data not being parsed correctly for August only. **Test Data (for each month)** echo ' 01/13/2022:01:01:01 GMT netscaler ABC-D :...
sourcetype comes in as cef and the index main raw logs from the syslog-ng ingest Jul 25 12:53:03 10.254.201.9 CEF:0|Aruba|A72xx|79813|log|SystemEvent|3|deviceProcessName=dot1x-proc:2 dvcpid=4387 dvchost=7205-SC msg=2[4387]: \|dot1x-proc:2\| User Authentication failed. username\=nicole userip\=0.0.0.0 usermac\=gg:gg:f9:03:dd:c5...
The CUCM data coming in from the syslog-ng server is getting indexed in the main index with the sc4s:fallback sourcetype. The documentation has UCM under known vendors with index ucm...
Looking at the code at **package/etc/conf.d/sources/source_syslog/plugin.jinja**, it will send the data to the app-parsers registered at **package/etc/conf.d/plugin/app_parser_topics.conf** directly. This implies that all the built-in parsers will take higher...
Feature request: We are interested in ingesting data from F5 Silverline, which looks to be currently unsupported. The source type would be f5:silverline. Attached below are sample logs from F5 Support....
This is a two-part feature request related to the security of the HEC Token: 1. The token should be stored in a secret. It can be mounted from the StatefulSet...
1. It appears some multiline events cannot be processed properly. Only the first line is taken in. 2. Some data is not properly processed. 1 line is processed in normal...
On the following link https://splunk.github.io/splunk-connect-for-syslog/main/gettingstarted/k8s-microk8s/ the values.yaml config does not explain how to expose the services to outside of the cluster, i.e. if the documentation is followed we...