I am new here and don't know where to start or ask this question. But, is there a way to add a function to the pipeline to drop
for Windows event logs that are sent via syslog to a separate SIEM that only collects logs via syslog? Below is an example of how the logs are post-processed in syslog.`
Process Information:
Process ID:
`
Yep
Use the Mask Function
You might also need `
` and `
` and use the global g and m for multiline flag
I DM'd you.
Thank you, David, can you please elaborate what the \r does?
All fixed with Mask
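The `g` and `m` flags and the `\r` mentioned in the replies above, shown in plain JavaScript as an added example that is not part of the original thread and not Cribl configuration. The sample event, the helper names, and the assumption that the characters to drop are `\r`, `\n` and `\t` are all constructed for illustration.

```javascript
// Constructed sample (not from the thread): a Windows event body with CRLF
// line endings and tab indentation, before it is forwarded over syslog.
const sample =
  "A new process has been created.\r\n\r\n" +
  "Process Information:\r\n" +
  "\tProcess ID:\t0x1a4\r\n" +
  "\tProcess Name:\tC:\\Windows\\System32\\cmd.exe\r\n";

// Count carriage returns (\r, byte 0x0D). Windows ends lines with \r\n,
// so every line break in the event carries one.
function countCR(s) {
  return (s.match(/\r/g) || []).length;
}

// Hypothetical helper: collapse the event onto one line for a syslog-only SIEM.
// Assumption: the characters to drop are \r, \n and \t.
function flattenEvent(msg) {
  return msg
    .replace(/\r/g, "")         // g: remove every \r, not just the first
    .replace(/^[ \t]+/gm, "")   // m: ^ matches at the start of each line
    .replace(/\n+/g, " ")       // runs of line breaks become one space
    .replace(/\t+/g, " ")       // tabs between field name and value
    .trim();
}

// What goes wrong when the flags are left off.
function withoutG(msg) { return msg.replace(/\r/, ""); }      // first \r only
function withoutM(msg) { return msg.replace(/^\t+/g, ""); }   // ^ = string start only

console.log(flattenEvent(sample));
console.log(countCR(sample), countCR(withoutG(sample)));
console.log(withoutM(sample) === sample);
```

Flattening discards the line structure, so field names and values stay recoverable only because a single space is left where each break or tab was.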