Skip to main content
Solved

Syslog Sources Not Capturing Originating IP Address

  • February 17, 2026
  • 3 replies
  • 0 views
M
This message originated from Cribl Community Slack.
Click here to view the original link.

Hi, is it possible to capture the originating IP for syslog sources? My customer has a specific requirement.

Best answer by xpac xpac

you already do, capture some events, click the little wheel icon, select "show internal fields", there's one called __SyslogIpPort or the like... it has the client IP

3 replies

X
Forum|alt.badge.img
  • xpac xpac
  • Participating Frequently
  • Answer
  • February 17, 2026
you already do, capture some events, click the little wheel icon, select "show internal fields", there's one called __SyslogIpPort or the like... it has the client IP
X
Forum|alt.badge.img
  • xpac xpac
  • Participating Frequently
  • February 17, 2026
you can then extract/eval that to whatever non-internal field (internal = starting with __ ) you wish
M
  • mateo.sosa
  • Author
  • New Participant
  • February 17, 2026
Ah, great. Many thanks @user
Terms & ConditionsAccessibility statement