Full log payload in Alert
We're interested in some of the non-parsed data in many of the Windows, SQL and Symantec logs. We could look into custom parsers, but it would be easy enough to just grab the data out of the full log. Some of the teams we need to send alerts to don't have access to Netwitness, so sending the data in alerts would be preferable. At some point we'll probably end up sending this data to Remedy Force for ticketing, but that's still a ways away.
It's not that I'm not interested in the meta; I was just looking to see if it was easy to grab the entire log into an alert. If that's not possible, I'd guess that the meta is the next best / easiest thing to do. Honestly, I'm a bit surprised there's no way to get the raw log or reconstructed log as it is shown in Netwitness.