Hi, what format do the Splunk Universal Forwarders use? Is it text-based or is it a binary format?
If it's text-based, you can simply use extractors <http://docs.graylog.org/en/2.1/pages/extractors.html> or the message processing pipelines <http://docs.graylog.org/en/2.1/pages/pipelines.html> to parse the messages from a Raw/Plaintext input.

Cheers,
Jochen

On Tuesday, 17 January 2017 18:15:51 UTC+1, darknetone wrote:
> We have a bunch of Windows machines running Splunk Universal Forwarders
> (don't ask why, just know that this is how it is happening), and are
> presently sending their output into Graylog 2, as Raw/PlainText, my only
> option in this case, unless you know of a better way while still using the
> Splunk Universal Forwarders. So my question is how to parse/build an
> extractor, any advice as I want to be able to deal with my data as I would
> if it came in via a non RAW format.
>
> Thanks in advance for Any Wisdom.
