Splunk Search

Send Windows Logs to third party without Splunk adding in new syslog header

jmcclure
Explorer

I can send a subset of Windows data to a syslog server by sourcetype and then use the Transforms to REGEX out the host.

None of this works though if Splunk puts a timestamp server header on each syslog message.

I have tried setting

syslogSourceType = sourcetype::WinEventLog:Security

but this doesn't work.

Am I missing anything?

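For reference, here is the shape of a working syslog-forwarding configuration for the scenario in the question. This is an added example, not the poster's own config or anything from Splunk's documentation verbatim; the target group name, transform name and collector address are placeholders, and it assumes the events are parsed on a heavy forwarder, since syslog output is not available on a universal forwarder.

```ini
# outputs.conf (heavy forwarder)
# Placeholder target group name; the collector address is made up, replace it with yours.
[syslog:third_party_siem]
server = siem.example.invalid:514
type = tcp
# Events whose sourcetype matches this value are treated as already being syslog,
# so Splunk sends them as-is instead of prepending its own timestamp/host header.
# Everything routed here with a different sourcetype still gets the header.
syslogSourceType = sourcetype::WinEventLog:Security

# props.conf
# Route only the Security event log through the syslog output.
[WinEventLog:Security]
TRANSFORMS-routing = route_to_third_party

# transforms.conf
# Placeholder transform name; it selects every event of the sourcetype above
# and points it at the syslog target group defined in outputs.conf.
[route_to_third_party]
REGEX = .
DEST_KEY = _SYSLOG_ROUTING
FORMAT = third_party_siem
```

Two things worth checking when this does not behave as expected: that the stanzas are actually on the instance doing the parsing (a universal forwarder will silently ignore the syslog output group), and that the value of syslogSourceType matches the sourcetype exactly as it appears in the indexed events, since any mismatch means the header is added again.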
