SouceName Format


(Rigert Alekaj) #1

Hello,

I have a windows Fileserver sending in logs to Graylog using nxlog and Sidecar.

The Source name of the log is being shown like this on Graylog:
Microsoft-Windows-Security-Auditing

i would like to have the source name generated like this:
Microsoft Windows Security Auditing

since am sending logs to Splunk and i need this format for the Splunk apps to work. Is any way i can control this in graylog?

Thank you,
Rigert


(Jochen) #2

You can mutate message fields using processing pipeline rules: http://docs.graylog.org/en/2.2/pages/pipelines.html