Depending on how you want the receiver to grab the data, you can use a generic file grab, you can use the collector to watch the log, etc.
Once you determine how you want to grab the log for the application, the data source will be configured as such.
Device Type: Generic
Device Model: Syslog
Retrieval Method: undetermined
Then you can create a pipe delimited parser to grab the data to the specific field.
([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\| ([^\|]*)\|([^\|]*)\|([^\|]*)
(This parser will grab the literal data between each pipe and can be mapped to the appropriate field when setting up the parser.)
If you copy your example format into regexr.com/v1 and then copy the parser, you will see how the data is parsed into each group.
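An offline check of the expression from the post above, added here as an example and not part of the original thread: it runs the posted regex, unchanged, over sample lines and separates the ones it matches from the ones it does not, which shows that a line must carry the literal space after the eighth pipe to match. The field names and the sample lines are constructed assumptions, not the application's real format.

```python
import re

# Expression exactly as posted above, including the literal space after the eighth pipe.
PAGE_REGEX = re.compile(
    r"([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\|([^\|]*)\| "
    r"([^\|]*)\|([^\|]*)\|([^\|]*)"
)

# Hypothetical field names; the real mapping is chosen when setting up the parser.
FIELDS = ["timestamp", "host", "app", "severity", "user", "src_ip",
          "dst_ip", "action", "object", "result", "message"]


def parse(line):
    """Return {field: value} for a line the expression matches, else None."""
    m = PAGE_REGEX.search(line.rstrip("\r\n"))
    if m is None:
        return None
    return dict(zip(FIELDS, (g.strip() for g in m.groups())))


def check_samples(lines):
    """Split sample lines into (parsed, rejected) so unmatched lines are visible."""
    parsed, rejected = [], []
    for line in lines:
        rec = parse(line)
        if rec is None:
            rejected.append(line)
        else:
            parsed.append(rec)
    return parsed, rejected


# Constructed sample lines, not taken from any real application log.
SAMPLES = [
    # Eleven fields, with a space after the eighth pipe: matches.
    "2024-01-05 10:00:01|app01|billing|INFO|alice|10.0.0.5|10.0.0.9|login| session|ok|User logged in",
    # Eleven fields, no space after the eighth pipe: does not match.
    "2024-01-05 10:00:02|app01|billing|WARN|bob|10.0.0.6|10.0.0.9|login|session|fail|Bad password",
    # Truncated line with too few fields: does not match.
    "2024-01-05 10:00:03|app01|billing|INFO|carol|10.0.0.7",
]

if __name__ == "__main__":
    parsed, rejected = check_samples(SAMPLES)
    for rec in parsed:
        print(rec)
    for line in rejected:
        print("NO MATCH:", line)
```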
I was talking to the application team about whether they are going to provide the log file in CIFS, but the problem is that when I try to use the Windows McAfee EventCollector it keeps telling me the log path is incorrect. I am also opening a ticket with McAfee support about that.
It would be great if they provided it through syslog, but it seems they want us to read a log file in a shared path, and my tests with the Windows McAfee EventCollector are not working.
Are you able to provide a screenshot of the Windows Event collector and the path the file is located at, in \\server-name\path\file.txt format? Feel free to obfuscate any personal information.