About chje

chje · ‎04-17-2018

Hi, I just wanted to give my thoughts on this as I have recently experienced the exact same issue. The thing that solved it for us was that the log format on the WEF server for "Forwarded Events" was in mode "Rendered Text". When changed to mode "Events", the parsing became correct. Cheers.

chje · ‎11-27-2014

Thanks for the quick replies guys. I have looked into this doc but I couldn´t see anywhere if the data is "copied" when forwarded or not. I would like to have the data on two locations so to speak. Not just routed or forwarded away all together from the Splunk indexer. If you understand what I mean. But if this is possible with the forwarding described in the document, then I will start looking into implementing this. /CJ

chje · ‎11-27-2014

Hi, Is it possible to clone/forward logevents from specific hosts from a Splunk instance to a third-party system? The importance here is that all logs still should be indexed and searchable on the splunk indexer but some of the data should also be copied from the indexer and get forwarded to a third-party system. This third-party system is a syslog-ng. Which approach should I look into more deeply? To forward the data or to clone the data? Is cloning even possible to a no-splunk instance? Thanks in advance. Br, CJ

Posts	3
Solutions	0
Karma Given	2
Karma Received	1
Member Since	‎11-27-2014

Online Status	Offline
Date Last Visited	‎06-05-2020 02:04 AM

Possible to clone/forward logs to a third-party sy...

Re: Why is the Windows Event Collector not parsing...

Re: Possible to clone/forward logs to a third-part...

Possible to clone/forward logs to a third-party sy...