Works great for the high-end devices, but it's looking like my branch devices aren't sending traffic logging information in the format it's expecting. Any plans on fixing the extractions/searches?
Never mind. Works just fine after doing a set security log host format sd-syslog and setting structured_data brief in system syslog.