I recommend configuring the UDP origin to consume the "raw/separated" format, rather than Syslog directly. Then attach a Data Parser processor afterward, which tries to parse the incoming record as Syslog. Configure error handling in the pipeline (with error records going to another location, such as the filesystem or a different Kafka topic). Then, any parse errors that occur in the Data Parser processor will have the original parsed raw packet sent to the error destination, from which you can perform additional analysis.
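
The same ingest-raw, parse-later, keep-the-original-on-failure pattern, sketched outside StreamSets as an added example (not part of the original answer and not StreamSets code). The function names, the simplified RFC 3164 regex and the sample datagrams are assumptions constructed for illustration.

```python
import base64
import re

# Simplified RFC 3164 shape (assumption): <PRI>Mmm dd hh:mm:ss HOST MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def parse_syslog(raw: bytes) -> dict:
    """Parse one datagram; raise ValueError on anything malformed."""
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError(f"not UTF-8: {exc.reason}") from exc
    m = RFC3164.match(text)
    if m is None:
        raise ValueError("does not match <PRI>TIMESTAMP HOST MSG")
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        raise ValueError(f"PRI {pri} out of range 0-191")
    return {"facility": pri >> 3, "severity": pri & 7,
            "timestamp": m["ts"], "host": m["host"], "message": m["msg"]}

def run_pipeline(datagrams):
    """The origin hands over raw bytes; the parser stage runs separately."""
    parsed, errors = [], []
    for raw in datagrams:
        try:
            parsed.append(parse_syslog(raw))
        except ValueError as exc:
            # Error record keeps the untouched packet for later analysis.
            errors.append({"error": str(exc),
                           "raw_b64": base64.b64encode(raw).decode("ascii")})
    return parsed, errors

# Constructed sample datagrams (not captured traffic).
SAMPLES = [
    b"<34>Oct 11 22:14:15 host1 su: 'su root' failed for user1",
    b"<999>Oct 11 22:14:15 host1 bad priority",
    b"\xff\xfe not text at all",
    b"no priority header here",
]

if __name__ == "__main__":
    ok, bad = run_pipeline(SAMPLES)
    print(len(ok), "parsed;", len(bad), "sent to error sink")
```

Base64-encoding the raw bytes keeps non-text packets intact when the error sink is a text format such as JSON lines.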