Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Send Windows Logs to thrid party without Splunk adding in new syslog header

jmcclure
Explorer
‎01-25-2019 06:56 AM

I can send a subset of windows data as syslog server by sourcetype and then use the TransFroms to REGEX out the host.

None of this works though if Splunk puts a timestamp server header on each syslog message.

I have tried the

syslogSourceType = sourcetype::WinEventLog:Security, but this doesn't work.

Am I missing anything?

Tags (1)
0 Karma
Reply

davpx
Communicator
‎01-25-2019 07:37 PM

You can try using sendCookedData=false as in https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd#Forwa...

0 Karma
Reply
Get Updates on the Splunk Community!

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Deprecation of Splunk Observability Kubernetes “Classic Navigator” UI starting ...

Access to Splunk Observability Kubernetes “Classic Navigator” UI will no longer be available starting January ...

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...