Hello all, implementing some routing at the moment in order to forward a subset of data to a third party syslog system. However, I'm running into issues with the Windows logs. They look like this at syslog-NG:

Dec 29 07:47:18 12/29/2014 02:47:17 AM
Dec 29 07:47:18 LogName=Security
Dec 29 07:47:18 SourceName=Microsoft Windows security auditing.
Dec 29 07:47:18 EventCode=4689
Dec 29 07:47:18 EventType=0

I believe this is because of the /r/n in the Windows events caused by non-xml.

How can I get the Splunk Heavy Forwarder to treat each Windows event as one line and then send it through?

Architecture = UF - HF - Third Party System/Splunk Cloud

Thanks