09-28-2017 08:15 AM - edited 02-21-2020 06:23 AM
FMC is sending eStreamer logs to QRadar. When we look at the logs, the source is seen as FMC; how do we identify the original FTD device that is sending the logs? Looking at the eStreamer payload, I see the field flowStatistics.deviceId=3, but I am not sure whether it correlates to an exact device or not. A quick test using the flow in the event viewer showed IDs 1 and 3 for the same cluster member. If it does correlate, where do I look up the ID-to-device correlation?
Any comments/suggestions are welcome. Thank you.