Hi,
thank you for your reply. And sorry for the late reply.
My colleague told me we don’t have FortiAnalyzer, so I couldn’t test that.
I did try the approach with the CSV format and raw input. Unfortunately, I still run into the issue that when I use a raw input, I get multiple sets of data in one “pile” that Graylog treats as a single message. So when I try processing it with a pipeline, I only get 1 piece of data (so 1 date, 1 time, 1 device_ID, etc.) from the pile of 5-15ish sets of data in that one message. It’s better than nothing, but I’m still losing most of the data that way.
How do I split up this “pile” of data into the individual messages?