Hi All
When firewall logs go to Splunk and Splunk redirects them to our log collector, an additional timestamp and syslog headers are added to the packet. It makes the logs indecipherable once they reach our log collector.
Is there any solution for passing logs without any log format changes?
Thanks,
You can use the no_appending_timestamp setting in Splunk inputs.conf. See the README file or docs for inputs.conf.
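To check on the collector side whether forwarded events still arrive with an extra header in front of the firewall's own, here is an added example that is not part of the original thread. It assumes the prepended header is RFC 3164-style (optional priority, timestamp, host); the function names and sample lines are constructed for illustration.

```python
import re

# RFC 3164-style header: optional <PRI>, "Mmm dd hh:mm:ss", then a host token.
# Assumption: the relay prepends a header of this shape; adjust if yours differs.
HEADER = re.compile(
    r"(?:<(?P<pri>\d{1,3})>)?"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec)"
    r" [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
)


def split_headers(line):
    """Return (list of leading header dicts, remaining message body)."""
    headers, pos = [], 0
    while True:
        m = HEADER.match(line, pos)
        if not m:
            break
        headers.append(m.groupdict())
        pos = m.end()
    return headers, line[pos:]


def check_line(line):
    """Flag a line that carries two stacked headers and recover the event as sent."""
    headers, _ = split_headers(line)
    if len(headers) < 2:
        return {"wrapped": False, "original": line}
    # Everything after the first (outermost) header is the event the firewall sent.
    first_end = HEADER.match(line).end()
    return {"wrapped": True, "added_by": headers[0]["host"],
            "original": line[first_end:]}


# Constructed sample lines (not taken from any real device).
SAMPLES = [
    "<13>Mar  4 10:15:02 relay01 <134>Mar  4 10:15:01 fw01 action=deny src=192.0.2.10",
    "<134>Mar  4 10:15:01 fw01 action=deny src=192.0.2.10",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_line(s))
```

Running it over a capture taken before and after the configuration change shows whether any events are still being wrapped.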