SouceName Format

(Rigert Alekaj) #1


I have a windows Fileserver sending in logs to Graylog using nxlog and Sidecar.

The Source name of the log is being shown like this on Graylog:

i would like to have the source name generated like this:
Microsoft Windows Security Auditing

since am sending logs to Splunk and i need this format for the Splunk apps to work. Is any way i can control this in graylog?

Thank you,

(Jochen) #2

You can mutate message fields using processing pipeline rules: