Replies: 1 comment
-
|
SC4S extracts metadata and assigns it to the field , it is possible by writing an app-parsers. Something like this can be used #1825 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I have rsyslog configured on my linuxPC that sends logs to SC4S and then SC4S forwards these logs to a given index. Logs received by SC4S look like this example:
<30>Dec 20 08:35:26 linuxPC dbus-daemon[533]: [system] Successfully activated service 'net.reactivated.Fprint'
but when SC4S forwards them to Splunk, Splunk receives them with no date, time and host name:
dbus-daemon[533]: [system] Successfully activated service 'net.reactivated.Fprint'
Is there any way Splunk can receive the same log ?
thanks for help, regards, pawelF
Beta Was this translation helpful? Give feedback.
All reactions