A new parser for Dell Avamar logging #2341
Comments
|
Hello, @RichardHEB !
Please use release version (for example
Please send me on email: ikheifets@splunk.com |
|
Hello, @RichardHEB ! |
|
Hi @ikheifets-splunk I had asked Andre (Splunk) to send it to you. He's had it since day one, I can email it to your Splunk email, do not want to posted open in public here. Am checking with Andre as well. |
|
thanks @RichardHEB finally received it, Andre shared with me. |
|
Hi Ilya, any updates on this one? |
|
Hello, @RichardHEB ! We parsed your log message (I hide here sensitive data like ip, emails): Will look at Splunk like this: |
|
Hello, @RichardHEB ! If you need it today and don't want to wait, please embed parser that provided on PR as local parser. For that:
|
|
Ilya, we tested as instructed above and also ran a load test, everything is working as it should with the latest SC4S version 3.22.3; we put the parser in this folder: |
|
@RichardHEB It will be released during 24h |
|
@ikheifets-splunk Hi Ilya, any word? I still don't see it merged to main and we were hoping to deploy to cert then prod today. Thanks! |
|
It has been released https://github.com/splunk/splunk-connect-for-syslog/releases/tag/v3.23.0 |
What is the sc4s version ?
pr-2259
Is there a pcap available?
Yes
What the vendor name?
Dell
What's the product name?
Avamar
** Feature Request description: **
Need a parser created for Avamar logs
** Should it support TCP or UDP?**
UDP
** Do you want to have it for local usage or prepare a github PR? **
local and github PR
The text was updated successfully, but these errors were encountered: