Hi team, I would like to extract the following fields from vCenter logs that are being sent to Splunk on a dedicated port.
Sample log as below:
2021-01-18T06:21:11.752139+00:00 test101 sshd[21656] Accepted password for root from 76.87.981.72 port 49881 ssh2
I am already using the Splunk_TA_vcenter from splunk_add_on_from_vmware but no luck in extraction.
Need to extract the following fields:
Field name    Field value
app           sshd
user          root
src_ip        76.87.981.72
dest          test101
action        success
tag           authentication
Thanks in advance.
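
As an added example (not part of the original post and not code from the Splunk add-on), the following Python code checks a regular expression against the sample event and derives the requested fields; it goes slightly beyond the post by also handling a constructed `Failed password` line. The named groups use PCRE-compatible syntax, and `extract_fields`, the `ACTION` mapping and the fixed `tag` value are assumptions made for illustration; in Splunk a tag is normally attached through an event type rather than by the regex itself.

```python
import re

# First line is the event from the post; the second is a constructed failure
# event in the usual OpenSSH message format (documentation IP range).
SAMPLES = [
    "2021-01-18T06:21:11.752139+00:00 test101 sshd[21656] Accepted password "
    "for root from 76.87.981.72 port 49881 ssh2",
    "2021-01-18T06:22:40.101000+00:00 test101 sshd[21701]: Failed password "
    "for invalid user admin from 192.0.2.10 port 50112 ssh2",
]

# The colon after the PID is optional because the posted sample omits it.
# src_ip is matched as a non-space token, not a validated IPv4 address:
# the sample value (76.87.981.72) is redacted and would fail octet checks.
SSHD_AUTH = re.compile(
    r"^(?P<timestamp>\S+)\s+(?P<dest>\S+)\s+(?P<app>[\w\-/.]+)\[(?P<pid>\d+)\]:?\s+"
    r"(?P<result>Accepted|Failed)\s+(?P<method>\S+)\s+for\s+(?:invalid user\s+)?"
    r"(?P<user>\S+)\s+from\s+(?P<src_ip>\S+)\s+port\s+(?P<src_port>\d+)"
)

# Assumed mapping from the sshd verb to the action values used in the post.
ACTION = {"Accepted": "success", "Failed": "failure"}


def extract_fields(line):
    """Return the requested fields for an sshd auth event, or None if no match."""
    m = SSHD_AUTH.match(line)
    if m is None:
        return None
    fields = m.groupdict()
    fields["action"] = ACTION[fields.pop("result")]
    fields["tag"] = "authentication"  # assigned here; not present in the raw event
    return fields


if __name__ == "__main__":
    for sample in SAMPLES:
        print(extract_fields(sample))
```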