Log entry example:
"MKEDC3","IAS",12/13/2017,16:40:19,1,"host/MKELT458.WNAD.NET","WNAD\MKELT458$","E2-55-6D-B8-BB-34:WN-intern3","08-11-96-7D-70-D0",,,,"10.1.231.13",0,0,"10.1.231.13","pun-ca-cap8",,,19,"CONNECT 0Mbps 802.11b",,,5,"WN-intern",0,"311 1 10.1.5.93 11/16/2017 14:20:48 383",,,,,,,,,"44C00079-00000000",,,,,,,,,,,,,,,,,,,,,,,,,"WN-intern",1,,,,
host= desktop-111 source=C:\Windows\System32\LogFiles\IN171213.log sourcetype = Radius
I'm looking for help creating props and transforms to normalize the _raw data and automatically pull the field data for Radius accounting logs. Please help.
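
The column layout of the log entry above, as an added example that is not part of the original post: a Python parser that names the first 27 columns in the order Microsoft documents for the NPS/IAS database-compatible log format. The underscored field names, the helper names and the `<AP MAC>:<SSID>` reading of Called-Station-ID are assumptions of this example.

```python
import csv
from datetime import datetime

# Sample line copied from the post above.
SAMPLE = r'"MKEDC3","IAS",12/13/2017,16:40:19,1,"host/MKELT458.WNAD.NET","WNAD\MKELT458$","E2-55-6D-B8-BB-34:WN-intern3","08-11-96-7D-70-D0",,,,"10.1.231.13",0,0,"10.1.231.13","pun-ca-cap8",,,19,"CONNECT 0Mbps 802.11b",,,5,"WN-intern",0,"311 1 10.1.5.93 11/16/2017 14:20:48 383",,,,,,,,,"44C00079-00000000",,,,,,,,,,,,,,,,,,,,,,,,,"WN-intern",1,,,,'

# First 27 columns of the database-compatible format, in file order.
# Columns after Class are not named in this example.
FIELDS = [
    "ComputerName", "ServiceName", "Record_Date", "Record_Time", "Packet_Type",
    "User_Name", "Fully_Qualified_Distinguished_Name", "Called_Station_ID",
    "Calling_Station_ID", "Callback_Number", "Framed_IP_Address",
    "NAS_Identifier", "NAS_IP_Address", "NAS_Port", "Client_Vendor",
    "Client_IP_Address", "Client_Friendly_Name", "Event_Timestamp",
    "Port_Limit", "NAS_Port_Type", "Connect_Info", "Framed_Protocol",
    "Service_Type", "Authentication_Type", "Policy_Name", "Reason_Code", "Class",
]

# RADIUS packet codes (RFC 2865 / RFC 2866).
PACKET_TYPES = {"1": "Access-Request", "2": "Access-Accept", "3": "Access-Reject",
                "4": "Accounting-Request", "5": "Accounting-Response",
                "11": "Access-Challenge"}


def parse_nps_line(line):
    """Return a dict of named, non-empty fields for one log line."""
    row = next(csv.reader([line]))  # csv handles the quoted, comma-separated values
    if len(row) < len(FIELDS):
        raise ValueError(f"expected at least {len(FIELDS)} columns, got {len(row)}")
    event = {name: value for name, value in zip(FIELDS, row) if value != ""}
    # The event time is split across columns 3 and 4 (date, then time).
    event["_time"] = datetime.strptime(f"{row[2]} {row[3]}", "%m/%d/%Y %H:%M:%S")
    event["Packet_Type_Name"] = PACKET_TYPES.get(row[4], "unknown")
    # Assumption: wireless Called-Station-ID is "<AP MAC>:<SSID>", as in the sample.
    ap_mac, sep, ssid = event.get("Called_Station_ID", "").partition(":")
    if sep:
        event["ap_mac"], event["ssid"] = ap_mac, ssid
    return event


if __name__ == "__main__":
    for key, value in parse_nps_line(SAMPLE).items():
        print(f"{key} = {value}")
```

The same ordered column names can be reused as the field list of a delimiter-based extraction for this sourcetype.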
How to parse Radius log files into Splunk? What is the configuration required for props and transforms?