splunk
diff --git a/‎2766/search/search_index.json‎
Lines changed: 1 addition & 1 deletion b/‎2766/search/search_index.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎2766/sitemap.xml.gz‎
0 Bytes b/‎2766/sitemap.xml.gz‎
0 Bytes
diff --git a/‎2766/sources/vendor/epic/epic_ehr/index.html‎
Lines changed: 2 additions & 0 deletions b/‎2766/sources/vendor/epic/epic_ehr/index.html‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎2766/troubleshooting/troubleshoot_SC4S_server/index.html‎
Lines changed: 1 addition & 241 deletions b/‎2766/troubleshooting/troubleshoot_SC4S_server/index.html‎
Lines changed: 1 addition & 241 deletions
@@ -9295,7 +9295,9 @@ <h1 id="epic-ehr">Epic EHR<a class="headerlink" href="#epic-ehr" title="Permanen
 <h2 id="key-facts">Key facts<a class="headerlink" href="#key-facts" title="Permanent link">&para;</a></h2>
 <ul>
 <li>Requires vendor product by source configuration</li>
+<li>MSG Format based filter</li>
 <li>Legacy BSD Format default port 514</li>
+<li>RFC 5424 Format default port 514</li>
 </ul>
 <h2 id="links">Links<a class="headerlink" href="#links" title="Permanent link">&para;</a></h2>
 <table>
 
@@ -9128,84 +9128,6 @@
     </span>
   </a>
 
-    <nav class="md-nav" aria-label="Issue: Unable to retrieve logs from non RFC-5424 compliant sources">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#issue-terminal-is-overwhelmed-by-metrics-and-internal-processing-messages-in-a-custom-environment-configuration" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: Terminal is overwhelmed by metrics and internal processing messages in a custom environment configuration
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-cef-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing CEF logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-vmware-cb-protect-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing VMWARE CB-PROTECT logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-cisco-ios-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing CISCO IOS logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-vmware-vsphere-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing VMWARE VSPHERE logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-raw-bsd-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing RAW BSD logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-raw-xml-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing RAW XML logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-hpe-jetdirect-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing HPE JETDIRECT logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
 </li>
 
     </ul>
@@ -9455,84 +9377,6 @@
     </span>
   </a>
 
-    <nav class="md-nav" aria-label="Issue: Unable to retrieve logs from non RFC-5424 compliant sources">
-      <ul class="md-nav__list">
-        
-          <li class="md-nav__item">
-  <a href="#issue-terminal-is-overwhelmed-by-metrics-and-internal-processing-messages-in-a-custom-environment-configuration" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: Terminal is overwhelmed by metrics and internal processing messages in a custom environment configuration
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-cef-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing CEF logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-vmware-cb-protect-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing VMWARE CB-PROTECT logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-cisco-ios-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing CISCO IOS logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-vmware-vsphere-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing VMWARE VSPHERE logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-raw-bsd-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing RAW BSD logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-raw-xml-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing RAW XML logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-          <li class="md-nav__item">
-  <a href="#issue-you-are-missing-hpe-jetdirect-logs-that-are-not-rfc-compliant" class="md-nav__link">
-    <span class="md-ellipsis">
-      Issue: You are missing HPE JETDIRECT logs that are not RFC compliant
-    </span>
-  </a>
-  
-</li>
-        
-      </ul>
-    </nav>
-  
 </li>
 
     </ul>
@@ -9662,91 +9506,7 @@ <h2 id="issue-unable-to-retrieve-logs-from-non-rfc-5424-compliant-sources">Issue
    PROGRAM: syslog-ng
 }
 </code></pre></div>
-<p>In this example the error can be seen in the snippet <code>statefulset.kubernetes.io/pod-n&gt;@&lt;ame</code>. The error states that the &ldquo;SD-NAME&rdquo; (the left-hand side of the name=value pairs) cannot be longer than 32 printable ASCII characters, and the indicated name exceeds that. Ideally you should address this issue with the vendor, however, you can add an exception to the SC4S filter log path or an alternative workaround log path created for the data source.</p>
-<p>In this example, the reason <code>RAWMSG</code> is not shown in the fields above is because this error message is coming from syslog-ng itself. In messages of the type <code>Error processing log message:</code> where the PROGRAM is shown as <code>syslog-ng</code>, your incoming message is not RFC-5424 compliant.</p>
-<h3 id="issue-terminal-is-overwhelmed-by-metrics-and-internal-processing-messages-in-a-custom-environment-configuration">Issue: Terminal is overwhelmed by metrics and internal processing messages in a custom environment configuration<a class="headerlink" href="#issue-terminal-is-overwhelmed-by-metrics-and-internal-processing-messages-in-a-custom-environment-configuration" title="Permanent link">&para;</a></h3>
-<p>In non-containerized SC4S deployments, if you try to start the SC4S service, the terminal may be overwhelmed by the internal and metrics logs. Example of the issue can be found here: <a href="https://github.com/splunk/splunk-connect-for-syslog/issues/1954">Github Terminal abuse issue</a></p>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_SEND_METRICS_TERMINAL=no
-</code></pre></div></p>
-<p>Restart SC4S. </p>
-<ul>
-<li>NOTE:  This symptom will recur if <code>SC4S_DEBUG_CONTAINER</code> is set to &ldquo;yes&rdquo;. Use the CLI <code>podman</code> or <code>docker</code> commands directly to start/stop SC4S.</li>
-</ul>
-<h3 id="issue-you-are-missing-cef-logs-that-are-not-rfc-compliant">Issue: You are missing CEF logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-cef-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_CEF=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S.</p>
-</li>
-</ol>
-<h3 id="issue-you-are-missing-vmware-cb-protect-logs-that-are-not-rfc-compliant">Issue: You are missing VMWARE CB-PROTECT logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-vmware-cb-protect-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_VMWARE_CB_PROTECT=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S.</p>
-</li>
-</ol>
-<h3 id="issue-you-are-missing-cisco-ios-logs-that-are-not-rfc-compliant">Issue: You are missing CISCO IOS logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-cisco-ios-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_CISCO=yes
-</code></pre></div></li>
-<li>Restart SC4S.</li>
-</ol>
-<h3 id="issue-you-are-missing-vmware-vsphere-logs-that-are-not-rfc-compliant">Issue: You are missing VMWARE VSPHERE logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-vmware-vsphere-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_VMWARE_VSPHERE=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S.</p>
-</li>
-</ol>
-<h3 id="issue-you-are-missing-raw-bsd-logs-that-are-not-rfc-compliant">Issue: You are missing RAW BSD logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-raw-bsd-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_RAW_BSD=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S.</p>
-</li>
-</ol>
-<h3 id="issue-you-are-missing-raw-xml-logs-that-are-not-rfc-compliant">Issue: You are missing RAW XML logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-raw-xml-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_XML=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S.</p>
-</li>
-</ol>
-<h3 id="issue-you-are-missing-hpe-jetdirect-logs-that-are-not-rfc-compliant">Issue: You are missing HPE JETDIRECT logs that are not RFC compliant<a class="headerlink" href="#issue-you-are-missing-hpe-jetdirect-logs-that-are-not-rfc-compliant" title="Permanent link">&para;</a></h3>
-<ol>
-<li>
-<p>To resolve this, set following property in <code>env_file</code>:
-<div class="highlight"><pre><span></span><code>SC4S_DISABLE_DROP_INVALID_HPE=yes
-</code></pre></div></p>
-</li>
-<li>
-<p>Restart SC4S and it will not drop any invalid HPE JETDIRECT format.</p>
-</li>
-</ol>
-<p>NOTE: Please use only in this case of exception and this is splunk-unsupported feature. Also this setting might impact SC4S performance.</p>
+<p>In this example the error can be seen in the snippet `statefulset.kubernetes.io/pod-n&gt;@</p>