There is a way to do this. There is a way that the original message can be copied, transform applied, and sent out to the syslog server. This way the original log in WEF format is indexed in its original state and the syslog server receives tab delim single line format. I've seen it in use, I just don't have the code.
... View more