I have them set to not cook the data so I get raw text out. My question is this: has anyone built an extractor or parser to deal with Windows output as raw/plaintext? And I ask this because there are plenty of non-RAW data options, however I need to use the Splunk UF, which means I am stuck with RAW data as an input for Graylog. I was hoping to find a pre-built extractor for Windows data. I hope this clears up my question.

On Wednesday, January 18, 2017 at 5:29:23 AM UTC-5, Jochen Schalanda wrote:
>
> Hi,
>
> what format do the Splunk Universal Forwarders use? Is it text-based or is it a binary format?
>
> If it's text based, you can simply use extractors <http://docs.graylog.org/en/2.1/pages/extractors.html> or the message processing pipelines <http://docs.graylog.org/en/2.1/pages/pipelines.html> to parse the messages from a Raw/Plaintext input.
>
> Cheers,
> Jochen
>
> On Tuesday, 17 January 2017 18:15:51 UTC+1, darknetone wrote:
>>
>> We have a bunch of Windows machines running Splunk Universal Forwarders (don't ask why, just know that this is how it is happening), and are presently sending their output into Graylog 2, as Raw/PlainText, my only option in this case, unless you know of a better way while still using the Splunk Universal Forwarders. So my question is how to parse/build an extractor, any advice as I want to be able to deal with my data as I would if it came in via a non RAW format.
>>
>> Thanks in advance for Any Wisdom.
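
Added example (not from any poster in this thread, and not Graylog or Splunk code): the grouping and field-splitting logic that an extractor or pipeline rule would have to reproduce, written in Python. It assumes the forwarders emit the Splunk WinEventLog text layout, a timestamp line followed by Key=Value lines and a trailing Message= block; that layout, the function names and the sample are assumptions, since the thread does not show the raw output.

```python
import re
from datetime import datetime

# Assumed layout: a timestamp line opens each event, header fields follow as
# Key=Value, and everything from "Message=" to the next timestamp is free text.
HEADER = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M$")
FIELD = re.compile(r"^([A-Za-z]\w*)=(.*)$")

def _finish(event):
    event["Message"] = "\n".join(event["Message"]).strip()
    return event

def parse_events(lines):
    events, current, in_message = [], None, False
    for raw in lines:
        line = raw.rstrip("\r\n")
        if HEADER.match(line):
            if current is not None:
                events.append(_finish(current))
            ts = datetime.strptime(line, "%m/%d/%Y %I:%M:%S %p")
            current = {"timestamp": ts.isoformat(), "Message": []}
            in_message = False
            continue
        if current is None:
            continue  # ignore anything before the first event header
        m = None if in_message else FIELD.match(line)
        if m and m.group(1) == "Message":
            in_message = True  # later Key=Value lines belong to the body
            current["Message"].append(m.group(2))
        elif m:
            current[m.group(1)] = m.group(2)
        else:
            current["Message"].append(line)
    if current is not None:
        events.append(_finish(current))
    return events

# Constructed sample input, not taken from the thread.
SAMPLE = """\
01/18/2017 05:29:23 AM
LogName=Security
EventCode=4624
Message=An account was successfully logged on.
LogonType=3
01/18/2017 05:29:25 AM
LogName=System
EventCode=7036
Message=The Print Spooler service entered the running state.
"""
```

Calling parse_events(SAMPLE.splitlines()) returns one dict per event; the point to carry over to a Graylog extractor or pipeline is that Key=Value lines after Message= stay in the message body instead of overwriting header fields.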
