Hi ejwade,
I now this an older post, but we're trying to do the same thing. We're using an intermediate log collector with a universal forwarder, but we're not getting all the extractions, host in particular. Is there something special you did on your Juniper device to get the correct log format? Thanks.
... View more
@SloshBurch, which option did you choose? I'm having the same issue, and am not sure how to proceed. I am tempted to stop all SCH members and delete the KOs. However, I worry about the sync issues you mentioned above. Thanks.
... View more