I would like to convert a syslog event (no delimiters) to a delimited input at the Universal Forwarder. This would allow for faster searching because I wouldn't have to regex every event at search-time. Can someone point me to a code sample or documentation?
I would not use Splunk for this; I would use syslog-ng: