Re: Forward Syslog From Kiwi to ESM - View separate Data Sources in ESM
The ESM would need a method to separate the log stream into different datasources. Typically this is done using hostnames - you would use a parent datasource with no hostname or a generic one for the Kiwi system and configure the Syslog Relay setting with the appropriate one for the log structure that Kiwi forwards in. You then create parent datasources (and clients as needed) with the specific hostnames for the specific data you are collecting / parsing. The retrieval method would be syslog.
E.g., I have a datasource for my rsyslog-based forwarder in my test environment. It has the following config: