EPIC EHR parser

[wedge22]

Note: If your issue is not a bug or a feature request, please raise a support ticket through our support portal (Splunk.com > Support > Support Portal). This will help us resolve your issue more efficiently and provide you with better assistance. For more information on how to work with the Splunk Support, please refer to this guide.

What is the sc4s version?
3.34.3

Is there a pcap available? If so, would you prefer to attach it to this issue or send it to Splunk support?
A pcap could be captured and shared.

What the vendor name?
EPIC

What's the product name?
EHR

If you're requesting support for a new vendor, do you have any preferences regarding the default index and sourcetype for their events?

Do you have syslog documentation or a manual for that device??
No

Feature Request description:
EPIC syslog parsing is already part of SC4S but only for Legacy format logs. The current output options from EPIC to syslog are CEF, LEEF and RFC5424. Can you create new parsers based on these?

Do you want to have it for local usage or prepare a github PR?

[rjha-splunk]

Please create a support ticket and upload pcap, we will review it.