Is there a config available that would push out the same format as Snare from a Heavy Forwarder? i.e. UniversalForwarder->HeavyForwarder->ForkTo:
1. Native Windows log gets pushed to the indexer in its original format from the Universal Forwarder.
2. A copy has the Snare transform applied and pushed out to a third party syslog server.