Hello,
I'm trying to parse log entries that look like so
EventTime=2018-12-07 10:06:31,Hostname=WIN-UE7JIIAK3IG.nxlog.co,Keywords=36028797018963968,EventType=INFO,SeverityValue=2,Severity=INFO,EventID=1,SourceName='My Script',TaskValue=1,RecordNumber=3169,ExecutionProcessID=0,ExecutionThreadID=0,Channel=Application,Message='This is a test message 1.',Opcode=Info,EventData='This is a test message 1.',EventReceivedTime=2018-11-26 14:16:31,SourceModuleName=filein,SourceModuleType=mymodulelog,
EventTime=2018-12-07 10:16:33,Hostname=WIN-UE7JIIAK3IG.nxlog.co,Keywords=36028797018963968,EventType=INFO,SeverityValue=2,Severity=INFO,EventID=1,SourceName='My Script',TaskValue=1,RecordNumber=3170,ExecutionProcessID=0,ExecutionThreadID=0,Channel=Application,Message='This is a test message 2.',Opcode=Info,EventData='This is a test message 2.',EventReceivedTime=2018-11-26 14:16:33,SourceModuleName=filein,SourceModuleType=mymodulelog,
I'd like to forward these to my indexer on the Splunk cloud, and be searchable via field names. Something that is not clear to me is how I configure my inputs.conf and props.conf to handle such data.
↧