when sending the log to qradar it comes up in the format of slot#/hostname
<132>Aug 11 15:27:37 slot1/testf502 warning tmm: 01260026:4: No shared ciphers between SSL peers 18.104.22.168.56372:192.168.10.156.443.
looking to remove the slot# from the log entry before sending to qradar to allow for better sorting.
I don't think it is possible to remove the slot# from the logs. You can always sort after the log is sent to the server, imo.