• Attached you will see a sample of the log I am working with. <-- tried to attach it but not enough points. Haha!
• You will see in the body of the log row there are xml tags, like CorrelationId, MessageId, DateTime, Status, Action, Message.
• I would think that Splunk would at least attempt to recognize these "xml tagged" fields and name them.
• Is it not recognizing the xml tags because the FULL log is not xml tagged & the beginning few positions aren't xml tagged?
• Any thoughts or suggestions appreciated.