SouceName Format

rregeA · April 24, 2017, 9:26am

Hello,

I have a windows Fileserver sending in logs to Graylog using nxlog and Sidecar.

The Source name of the log is being shown like this on Graylog:
Microsoft-Windows-Security-Auditing

i would like to have the source name generated like this:
Microsoft Windows Security Auditing

since am sending logs to Splunk and i need this format for the Splunk apps to work. Is any way i can control this in graylog?

Thank you,
Rigert

jochen · April 24, 2017, 9:46am

You can mutate message fields using processing pipeline rules: http://docs.graylog.org/en/2.2/pages/pipelines.html

Topic		Replies	Views
Is there any way to change sourcename as Static names? Graylog Central (peer support) pipeline-rules	6	1338	April 8, 2021
Souce name resolution OR change name of sources Graylog Central (peer support)	1	3116	March 27, 2017
Rule to set source from field Graylog Central (peer support)	9	1812	October 28, 2022
Replacing the Name in the Source Field Graylog Central (peer support)	6	6882	November 8, 2019
Source client appears as a month name Graylog Central (peer support) sidecar , filebeat-windows	5	1045	July 5, 2019