syslog to use key-value pairs
I would like to open a feature request: for syslog to use key-value pairs. As you can see in the screenshot below the syslog are delineated with “ – “ (space dash space). This makes parsing the logs difficult especially when usernames commonly have spaces or dashes in them. The request from our National Logging team is to use key-value pairs (username="Patrick Hedglen", IP=”192.168.1.100”). Linked below is Splunk’s best practice guide.