Are there apps to help with the extraction of sourcetype = linux_syslog? I have hosts (Solaris, RHEL, etc.) sending logs over UDP on discrete ports, and the limited fields and selected fields are really limited. Yes, I know it is not recommended to send syslog directly to Splunk, but this will have to do until we can purchase hardware and set up a syslog server. Also, I am not able to install a UF on these hosts either.
Any help is much appreciated!
good for you,
if this answer solves your need, please accept it for the other people of the Community; otherwise, please tell me how I can help you.
P.S.: Karma Points are appreciated 😉