...
<Hostname> TelemetryLog <SeverityLevel> <TimeCreated> <TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
SNARE V2
<Hostname> TelemetryLog <SeverityLevel> {"Event":{"Data":{"MetricType":"<MetricType>","InstanceName":"<InstanceName>","EventName":"<EventName>","Value":"<Value>"},"System":{"TimeCreated":{"SystemTime":"<SystemTime(YYYY-MM-DDTHH:MM.ssssssZ)>","LocalTime":"<LocalTime(YYYY-MM-DDThh:mm:ss.ssssss±hh:mm)>"}}}}
SYSLOG (RFC3164)
<<SyslogPriority>><TimeCreated (MMM DD HH:MM:SS)> <Hostname> TelemetryLog <SeverityLevel> <TimeCreated><TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
...
<<SyslogPriority>><TimeCreated (MMM DD HH:MM:SS)> <Hostname> TelemetryLog[<SeverityLevel>]:<TimeCreated><TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
...
<<SyslogPriority>><SyslogVersion> <TimeCreated (YYYY-MM-DDThh:mm:ss.ssssss±hh:mm)> <Hostname> <ProductName> - TelemetryLog - <SeverityLevel> <TimeCreated><TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
CEF
<TimeCreated (MMM DD HH:MM:SS)> <Hostname> CEF:<CEFVersion>|<CompanyName>|<ProductName>|<ProductVersion>|TelemetryLog|<EventName>|<CEFSeverity>|value=<Value> dvchost=<Hostname> msg=<YYYY-MM-DD>|<hh:mm:ss>|<MetricType>|<InstanceName>|<EventName>|<Value>
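Added example (not part of the original documentation or the product's code): a Python parser for the CEF template above. It splits the header on its first seven pipes only, so the pipe-delimited msg= value stays intact, then cross-checks the host, event name and value that the template repeats. The sample line and the names `parse_telemetry_cef` and `consistent` are constructed for illustration.

```python
import re

# Constructed sample that follows the CEF template above. Vendor, product,
# version, host and metric values are placeholders, not real product output.
SAMPLE = ("Mar 04 10:15:00 host01 CEF:0|ExampleCo|ExampleAgent|1.0|TelemetryLog|"
          "CpuUsage|3|value=42 dvchost=host01 "
          "msg=2024-03-04|10:15:00|Performance|agent-1|CpuUsage|42")

HEADER_FIELDS = ("cef_version", "vendor", "product", "product_version",
                 "event_class", "name", "severity")
MSG_FIELDS = ("date", "time", "MetricType", "InstanceName", "EventName", "Value")
KEY_RE = re.compile(r"(?:^| )(\w+)=")   # start of an extension key
PIPE_RE = re.compile(r"(?<!\\)\|")      # header delimiter, skipping escaped \|


def parse_telemetry_cef(line):
    """Split one TelemetryLog CEF line into prefix, header, extension and msg."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF header")
    prefix = line[:start].split()
    if not prefix:
        raise ValueError("missing syslog prefix")
    # Only the first 7 pipes delimit the header. Everything after them is the
    # extension, and msg= carries further pipes that must not be split here.
    parts = PIPE_RE.split(line[start + 4:], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("truncated CEF header")
    header = dict(zip(HEADER_FIELDS, parts[:7]))
    ext_text, ext = parts[7], {}
    keys = list(KEY_RE.finditer(ext_text))
    for i, m in enumerate(keys):
        # A value runs until the next " key=" or the end of the line.
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext_text)
        ext[m.group(1)] = ext_text[m.end():end]
    msg_parts = ext.get("msg", "").split("|")
    if len(msg_parts) != len(MSG_FIELDS):
        raise ValueError("unexpected msg layout")
    msg = dict(zip(MSG_FIELDS, msg_parts))
    # The template repeats host, event name and value; a mismatch points to a
    # parsing error or a modified record.
    consistent = (prefix[-1] == ext.get("dvchost")
                  and header["name"] == msg["EventName"]
                  and ext.get("value") == msg["Value"])
    return {"timestamp": " ".join(prefix[:-1]), "host": prefix[-1],
            "header": header, "ext": ext, "msg": msg, "consistent": consistent}
```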
LEEF
<TimeCreated (MMM DD HH:MM:SS)> <Hostname> LEEF:<LEEFVersion>|<CompanyName>|<ProductName>|<ProductVersion>|TelemetryLog|URL=TelemetryLog sev=<LEEFSeverity> resource=<Hostname> value=<Value> msg=<TimeCreated><TimeCreated(YYYY-MM-DD HH:MM)> <MetricType> <InstanceName> <EventName> <Value>
...