Syslog parsing

Fredrik Palmqvist

Hi I am having some problem to get the host name out of some sample log files, the format is RCF 3164. And thru the documentation it says Cribl will try to parse that itself, do I need to decelerate that it syslog as a source?

Jon Rust

There is a dedicated input type for syslog. If you are using that config it will auto-recognize valid syslog messages and auto parse the log contents for the basic syslog fields: time, severity, priority, level, app, host and message. If it is not a valid syslog format, the data will still be received, but you will be missing the auto extracted fields, and you'll likely want to set-up a pipeline to address that.