Jump to content
Welcome to our new Citrix community!

Remove quotation marks from syslog messages?


Justin McNutt

Recommended Posts

An example message received by our syslog server from the ADC is as follows:

 

Mar 14 11:18:48 172.16.53.53 03/14/2023:11:18:46 test-adc1 0-PPE-0 : default REWRITE Message 309415 0 : "HTTP response in TEST received. method=GET vip=172.16.33.33 client=172.22.22.22 clientport=51803 url=https://test-vip1/ lbsocket=172.16.99.141:14270 realserversocket=172.19.16.5:9991 responsecode=404"

 

Note the quotation marks before "HTTP" and after "404".

 

These quotation marks confuse Splunk and prevent it from properly extracting the fields like "url" and "responsecode" and so on without doing a lot of extra work.

 

Is there a way to remove/suppress/replace those quotation marks?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...