Hi
from our ASP.NET MVC application we write XML log files in the event schema format by a trace listener contained in the .NET framework (System.Diagnostics.EventSchemaTraceListener from System.Core dll). Pretty standard in the .NET micro-cosmos...
I'm wondering if and how Splunk can handle this kind of (standard Windows) event schema? The trick is the "correlation" between related activities. This way I can group activities and sub-activities not only from a technical perspective but also from a business perspective (e.g. to log the whole business process). This is a sample "event" where the correlation comes into play:
<![CDATA[
0
8
16
LABS00026
StopLogicalActivity
Information
Transfer
]]>
(1) First the configuration questions:
Does Splunk "understand" this kind of XML format out-of-the-box?
How to configure the "Data input"?
(2) Second the Search questions:
How can we query all messages from a logical activity?
And how to query all related (sub-) activities with the "parent" correlation token?
Thanks in advance.
Kindly, Stefan
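The two search questions above amount to "all events under one activity" and "all sub-activities reachable from a parent through its correlation tokens". The following added example (not from the post, and not Splunk code) shows that logic over a constructed set of events. The XML layout is an assumption: a Windows-event-schema `<Correlation>` element whose `ActivityID` is the current activity and whose `RelatedActivityID`, on a Transfer event, is the activity being handed off to.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.microsoft.com/win/2004/08/events/event}"

# Constructed sample (assumed shape of EventSchemaTraceListener output):
# P transfers to C1, C1 transfers to C2, C2 stops; IDs are placeholders.
SAMPLE = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <SubType Name="Information"/><Correlation ActivityID="{P}"/></System>
 <ApplicationData>Order received</ApplicationData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <SubType Name="Transfer"/><Correlation ActivityID="{P}" RelatedActivityID="{C1}"/></System>
 <ApplicationData>To payment</ApplicationData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <SubType Name="Transfer"/><Correlation ActivityID="{C1}" RelatedActivityID="{C2}"/></System>
 <ApplicationData>To fraud check</ApplicationData></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
 <SubType Name="StopLogicalActivity"/><Correlation ActivityID="{C2}"/></System>
 <ApplicationData>Fraud check done</ApplicationData></Event>
</Events>"""

def parse_events(xml_text):
    """Flatten each <Event> into the fields needed for correlation searches."""
    out = []
    for ev in ET.fromstring(xml_text).iter(NS + "Event"):
        sys_ = ev.find(NS + "System")
        corr = sys_.find(NS + "Correlation")
        out.append({
            "type": sys_.find(NS + "SubType").get("Name"),
            "activity": corr.get("ActivityID"),
            "related": corr.get("RelatedActivityID"),  # only on Transfer events
            "message": ev.findtext(NS + "ApplicationData"),
        })
    return out

def messages_for_activity(events, activity_id):
    """Question (2a): every message logged under one logical activity."""
    return [e["message"] for e in events if e["activity"] == activity_id]

def activity_tree(events, root_id):
    """Question (2b): the root plus all sub-activities reached via Transfer events."""
    seen, todo = [], [root_id]
    while todo:
        cur = todo.pop(0)
        if cur in seen:  # guards against cyclic transfers in bad data
            continue
        seen.append(cur)
        todo += [e["related"] for e in events
                 if e["type"] == "Transfer" and e["activity"] == cur and e["related"]]
    return seen
```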