Send Windows Logs to third party without Splunk adding in new syslog header
jmcclure
Explorer
01-25-2019
06:56 AM
I can send a subset of Windows data as syslog server by sourcetype and then use the Transforms to REGEX out the host.
None of this works though if Splunk puts a timestamp server header on each syslog message.
I have tried the syslogSourceType = sourcetype::WinEventLog:Security, but this doesn't work.
Am I missing anything?
davpx
Communicator
01-25-2019
07:37 PM
You can try using sendCookedData=false as in https://docs.splunk.com/Documentation/Splunk/7.2.3/Forwarding/Forwarddatatothird-partysystemsd#Forwa...
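
A sketch of the raw TCP routing that sendCookedData=false belongs to, added here as an example and not taken from either post. It uses a tcpout group rather than the syslog output group from the question; the transform name, group name and receiver address are placeholders, and the props/transforms part assumes a heavy forwarder or indexer that parses the events.

```ini
# props.conf
# Apply the routing transform to the sourcetype named in the question.
[WinEventLog:Security]
TRANSFORMS-route_raw = route_security_raw

# transforms.conf
# route_security_raw is a placeholder name. REGEX = . matches every event
# of the sourcetype and sends it to the tcpout group named in FORMAT.
[route_security_raw]
REGEX = .
DEST_KEY = _TCP_ROUTING
FORMAT = thirdparty_raw

# outputs.conf
# thirdparty_raw and 192.0.2.10:5514 are placeholders for the receiver.
# sendCookedData = false makes Splunk write the raw event text to the
# TCP connection instead of its own cooked forwarder format.
[tcpout:thirdparty_raw]
server = 192.0.2.10:5514
sendCookedData = false
```

To check what the receiver actually gets, capture a few events on the destination port and compare the start of each one against the original Windows event text.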