New user - looking for information on parsing fields from Syslog message field
We’re just starting to get LogicMonitor setup on our network and, mainly to test the collector, I setup one of our HAProxy instances to forward it’s syslog to the collector and can confirm that the logs are being ingested. However, because it’s bare syslog, all I can see is the bare message field. What I’m looking for is the functionality to pull particular fields out of the message and into fields. <134>Oct 17 23:37:17 haproxy[3719288]: 69.141.121.67:11058 [17/Oct/2023:23:37:17.568] http_front_80 http_back_80/Acc-SRV01 0/0/0/32/32 200 759 - - --NI 5825/3042/52/12/0 0/0 "POST /Server/URL.asmx HTTP/1.1" For example, in the log line above, the fields are separated by a space. Among the fields included in the log line are items such as the Client IP, the FronteEnd and BackEnd which I was hoping to be able to extract into their own fields to help with reporting. I’ve been looking through the documentation and have found the LogSource section but that doesn’t seem to be adding the field. Frankly, after a few hours of searching and experimenting, I’m hoping someone could give me some guidance on how this can be done. ThanksSolved353Views18likes11Comments