These are the logs coming from Splunk to my AlienVault SIEM sensor, but my SIEM is unable to read those logs. I have checked all the confs like props.conf, transform.conf, input.conf, output.conf but I couldn't understand the issue. The main issue is that in each key-value pair in the logs, the value is being #015#012, this kind of weird thing. All events are from Windows. At first I thought there may be data anonymizing, but there is no TRANSFORMS-annonymize entry in props.conf. Please help. Thanks in advance.
Mar 17 23:00:03 172.16.8.145 TEC-R90M6PGD Type=NetworkAdapter#015#012Name="Microsoft Wi-Fi Direct Virtual Adapter #2"#015#012Manufacturer="Microsoft"#015#012ProductName="Microsoft Wi-Fi Direct Virtual Adapter"#015#012Status=""#015#012MACAddress="36:F3:9A:3D:28:1D"
Mar 17 23:00:02 172.16.8.145 TECSRVTP-DB01 20190317230049.310381#015#012CurrentDiskQueueLength=0#015#012DiskBytesPersec=0#015#012Name=1 G:#015#012PercentDiskReadTime=0#015#012PercentDiskTime=0#015#012PercentDiskWriteTime=0#015#012wmi_type=LocalPhysicalDisk#015#012#015
Mar 17 23:00:02 172.16.8.145 TECSRVTP-DB01 20190317230049.310381#015#012CurrentDiskQueueLength=0#015#012DiskBytesPersec=0#015#012Name=2 F:#015#012PercentDiskReadTime=0#015#012PercentDiskTime=0#015#012PercentDiskWriteTime=0#015#012wmi_type=LocalPhysicalDisk#015#012#015
Mar 17 23:00:02 172.16.8.145 TECSRVEXMBX02 20190317230049.314638#015#012CurrentDiskQueueLength=0#015#012DiskBytesPersec=0#015#012Name=3 F:#015#012PercentDiskReadTime=0#015#012PercentDiskTime=0#015#012PercentDiskWriteTime=0#015#012wmi_type=LocalPhysicalDisk#015#012#015
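An added example, not part of the original post: `#015` and `#012` are the octal codes for carriage return and line feed, written in the `#ooo` form that syslog daemons such as rsyslog use when escaping control characters (that such a daemon sits in this path is an assumption). The Python sketch below decodes those escapes and splits one flattened event into its fields; the function names are this example's own and the two sample lines are copied from the post.

```python
import re

# '#' + three octal digits, limited to control characters (000-037 octal).
ESCAPE = re.compile(r"#(0[0-3][0-7])")
# Syslog prefix as seen in the post: timestamp, forwarder IP, host, payload.
HEADER = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s(\S+)\s(\S+)\s(.*)$", re.S)

# Sample input: two events copied from the post above.
SAMPLES = [
    'Mar 17 23:00:03 172.16.8.145 TEC-R90M6PGD Type=NetworkAdapter#015#012'
    'Name="Microsoft Wi-Fi Direct Virtual Adapter #2"#015#012'
    'Manufacturer="Microsoft"#015#012'
    'ProductName="Microsoft Wi-Fi Direct Virtual Adapter"#015#012'
    'Status=""#015#012MACAddress="36:F3:9A:3D:28:1D"',
    'Mar 17 23:00:02 172.16.8.145 TECSRVTP-DB01 20190317230049.310381#015#012'
    'CurrentDiskQueueLength=0#015#012DiskBytesPersec=0#015#012Name=2 F:#015#012'
    'PercentDiskReadTime=0#015#012PercentDiskTime=0#015#012'
    'PercentDiskWriteTime=0#015#012wmi_type=LocalPhysicalDisk#015#012#015',
]


def decode_escapes(text):
    """Restore control characters written as #ooo (e.g. #015 -> CR, #012 -> LF)."""
    return ESCAPE.sub(lambda m: chr(int(m.group(1), 8)), text)


def parse_event(line):
    """Split one flattened event into syslog header parts and key=value fields."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("line does not start with the expected syslog prefix")
    timestamp, sender, host, payload = m.groups()
    fields, unkeyed = {}, []
    for row in decode_escapes(payload).splitlines():
        row = row.strip()
        if not row:
            continue  # blank rows come from the trailing #015#012#015
        key, sep, value = row.partition("=")
        if sep:
            fields[key] = value.strip('"')
        else:
            unkeyed.append(row)  # e.g. the WMI timestamp 20190317230049.310381
    return {"timestamp": timestamp, "sender": sender, "host": host,
            "fields": fields, "unkeyed": unkeyed}


if __name__ == "__main__":
    for sample in SAMPLES:
        event = parse_event(sample)
        print(event["host"], event["fields"])
```

The literal `#2` in the adapter name is left alone because only `#` followed by three octal digits in the control-character range is decoded.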