I'm playing with the Splunk Add-on for Apache Web Server but it looks to be restrictive on the log format as per: http://docs.splunk.com/Documentation/AddOns/released/ApacheWebServer/Configure
But is there a way to use this without changing the log format, since many organizations have a restriction on changing their log format?
I'd love to use this TA so I can make my `access_combined` CIM-compliant, but it looks like I'm losing a lot of fields since I can't change the httpd.conf log format.
Maybe I'm missing something simple here?