I have set up a Cisco BGP syslog alert from Splunk. The BGP down event triggers correctly with all indexed data. See screenshot below:
![alt text][1]
But the Up message shows up with now indexed data in fast-mode:
![alt text][2]
If you view the message on the "up message", all data was indexed correctly in verbose mode, but not in fast-mode. How can I set up and alert in display the alert with verbose mode data?
[1]: /storage/temp/150240-1.png
[2]: /storage/temp/150241-2.png
↧