Juniper Netscreen TCP Syslog messages not breaking properly
I have an SSG20 sending syslog over TCP to a Windows-based Splunk installation. Strangely enough, the log shows up in large "chunks" in the interface, approx. 100-200 log-lines each. The strange thing is that Splunk seems to recognize the correct number of individual events in the event-count, but does not show the individual log-lines.
I have tried the solution suggested in this post http://answers.splunk.com/questions/603/juniper-netscreen-tcp-syslog-messages-not-breaking-properly , but without success.
I'm really new to Splunk and a novice in regexp, etc., so please go easy on me :-).
This is a default installation on Windows, and the search is the very simple search that is performed when selecting a log-source in the main search window. I have tried your suggestion and defined this as the pre-defined syslog format, but without the correct result. I have included a link to a screen-shot of how it turns out.
Best regards /Micke