https://community.splunk.com/t5/Splunk-Search/Send-Windows-Logs-to-thrid-party-without-Splunk-adding-in-new/m-p/424740#M173397 <P>I can send a subset of windows data as syslog server by sourcetype and then use the TransFroms to REGEX out the host.</P> <P>None of this works though if Splunk puts a timestamp server header on each syslog message. </P> <P>I have tried the </P> <P>syslogSourceType = sourcetype::WinEventLog:Security, but this doesn't work.</P> <P>Am I missing anything?</P> Fri, 25 Jan 2019 14:56:18 GMT jmcclure 2019-01-25T14:56:18Z https://community.splunk.com/t5/Splunk-Search/Send-Windows-Logs-to-thrid-party-without-Splunk-adding-in-new/m-p/424740#M173397 <P>I can send a subset of windows data as syslog server by sourcetype and then use the TransFroms to REGEX out the host.</P> <P>None of this works though if Splunk puts a timestamp server header on each syslog message. </P> <P>I have tried the </P> <P>syslogSourceType = sourcetype::WinEventLog:Security, but this doesn't work.</P> <P>Am I missing anything?</P> Fri, 25 Jan 2019 14:56:18 GMT https://community.splunk.com/t5/Splunk-Search/Send-Windows-Logs-to-thrid-party-without-Splunk-adding-in-new/m-p/424740#M173397 jmcclure 2019-01-25T14:56:18Z https://community.splunk.com/t5/Splunk-Search/Send-Windows-Logs-to-thrid-party-without-Splunk-adding-in-new/m-p/424741#M173398 <P>You can try using sendCookedData=false as in <A href="https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd#Forward_a_subset_of_data">https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd#Forward_a_subset_of_data</A> </P> Sat, 26 Jan 2019 03:37:39 GMT https://community.splunk.com/t5/Splunk-Search/Send-Windows-Logs-to-thrid-party-without-Splunk-adding-in-new/m-p/424741#M173398 davpx 2019-01-26T03:37:39Z