I am having problems configuring my inputs.
We have about 800 Cisco switches and routers. For testing purposes, I installed the OVA, which works great except for the specificities of the Cisco syslog message format.
So I followed the recommendations of using the Raw/Plaintext UDP input, which works great, except for the little detail that I cannot choose “store_full_message: true” on this type of input. The users find the parsing of the messages great, but they would like to see the “full_message” field from time to time.
So I went to the standard UDP input, where I can choose “store_full_message: true” and then show the full message when wanted, but the parsing for Cisco syslog messages does not work great and a lot of messages are dropped with this input type.
So I come to you for guidance on what to do?