It's fun when you read documentation and suddenly you see that integration with the software you work on is documented. You open the page, and suddenly there is a link to your blog:
https://zincsearch-docs.zinc.dev/ingestion/syslog-ng/
So, yes, #Zinc works with #syslog_ng, just like #Elasticsearch, @OpenSearchProject or #Humio :)
#zinc #syslog_ng #elasticsearch #humio
I suspect anyone who thinks #Humio, err sorry "CrowdStrike Falcon LogScale", is an acceptable replacement for #SumoLogic has never done anything particularly interesting with SumoLogic.
One of the most popular destinations in #syslog_ng is #Elasticsearch (and #OpenSearch, #Zinc, #Humio, etc.). The 12th part of my syslog-ng #tutorial shows you how to send log messages to Elasticsearch.
#syslog_ng #elasticsearch #opensearch #zinc #humio #tutorial #youtube
@Solaris not so much KQL these days, after changing jobs, but there's some fantastic resources available.
I've long considered logging solutions (#splunk, #sentinel, #humio, #elastic etc.) as being like a defender's eyes and ears. Learning a query language well, such as KQL, is time invested that will continue to pay dividends.
Have you come across #sigma yet?
https://github.com/SigmaHQ/sigma
#splunk #sentinel #humio #elastic #sigma