As per https://www.safesquid.com/content-filte … -analyzers page, the Extended format of logging is a mix of double-quotes, square-brackets and commas.
Is it possible to standardize on just one way of logging? This will help us to build parsers for loggers like syslog-ng, Arcsight and Splunk.
Appreciate your help.
The link that you have specified: https://www.safesquid.com/content-filte … -analyzers
contains details about the old SafeSquid way of storing Extended logs.
The new log format for the Extended log is shown at this link:
https://docs.safesquid.com/wiki/Identif … ailed_Logs
The SafeSquid Extended log is Tab-Separated Values [TSV format].
You can easily parse this in any log analyzer by providing TAB as the delimiter.