I'm looking to insert some text at our heavy forwarder into certain sourcetypes that a 3rd party running syslog-ng will see and be able to better identify what the logs are. For example, "IISLog", or "DHCPLog". Does anyone have any experience doing this?
Here's a sample log:
Hi @eblackburn,
You use below sample. It is adding some text to end of the log since it is safer and easier.
props.conf
[iis_log]
TRANSFORMS-logtype = append_logtype
transforms.conf
[append_logtype]
REGEX = (?m)^(.*)$
FORMAT = $1 IISLog
DEST_KEY = _raw
Hi @eblackburn,
You use below sample. It is adding some text to end of the log since it is safer and easier.
props.conf
[iis_log]
TRANSFORMS-logtype = append_logtype
transforms.conf
[append_logtype]
REGEX = (?m)^(.*)$
FORMAT = $1 IISLog
DEST_KEY = _raw