It's worse than that, Eric... the app is very old and is written where it MUST have all the fields in order for the transforms to work (all in a row). On top of the syslog header... the event is also missing three or four fields (and I can't tell what the missing one is because there should be nothing there according to the transforms...). It also doesn't account for the existence of the timestamp at all and begins with a ^ and expects the duration to be there... even without syslog, that wouldn't work, because the timestamp is going to be there either way... 😕