Passing data to another host with no extra metadata
Answers
-
Sorry, I meant syslog source.
0 -
It's JSON via raw TCP, but Vectra doesn't follow the RFC; there are no syslog headers of any kind, just raw JSON over TCP.
0 -
I think that worked, Josh. I could swear I tried that earlier, but I must have had some other rules going.
0 -
Ahh, interesting. If you are using the syslog source, I'd expect to not see host and _time, according to our syslog doc, but if it is breaking those out, I'll notify our docs team. See here for what fields to expect from the syslog source: https://docs.cribl.io/stream/sources-syslog#what-fields-to-expect
0 -
Yep - just ran a test - I'll verify internally and let the docs team know. The pipeline I shared above should work for your use case.
0