I have set up a Cisco BGP syslog alert from Splunk. The BGP down event triggers correctly with all indexed data. See screenshot below:
But the Up message shows up with now indexed data in fast-mode:
If you view the message on the "up message", all data was indexed correctly in verbose mode, but not in fast-mode. How can I set up and alert in display the alert with verbose mode data?
... View more