I am new to Logstash and have a processing question. I am getting these kinds of logs with Filebeat in the "message" field, from the same host, sometimes from different files. How would I process the messages I am getting into ES so that they are somehow structured? Do I need to have multiple pipelines, as those are different formats? What kind of filters could I use? One message has commas, so CSV for that one, but the others? Does anyone have a good guideline on how to process these? I tried with the Grok Debugger, but I am only able to parse two fields, then I get "No matches". Any advice?
[14.04.2022/12:16:02][INFO]MagicViewer::loadUILanguage: Successfully switched to new language.
2022.04.14 08:51:29.500["Meldesperre deactivate DP:System1:APPLICATION/SYSTEM.Values.Aktiv"]
CCILdata (0), 2022.04.08 16:58:47.585, IMPL, SEVERE, 54, Unexpected state, DataManDpIntern, refreshDiskStatus, Cannot stat FILEPATH
WCCILdata (0), 2022.04.14 08:51:08.796, IMPL, WARNING, 187, DP: APPLICATION/SYSTEM.Values.Stoerung:_alert_hdl: No gone alert between two came ones at 2021.08.04 09:22:07.328 and 2021.09.05 02:15:26.798, AlertAdministration, insertAlert
2022.04.14 08:51:37.262[2021.09.05 02:07:06.216 (0 ) (Type: 0 Sys: 0 Dp: 0 El: 0 : 0..0)]
2022.04.14 08:58:09.983["checkNotebookExpirationMessage - iNumber:NUMBER | sText:ijofdslkjjöjfdlksjkjsdf | sAuthor:NAME | tSpreaddate:2021.12.02 14:02:33.678 | sReviewer: | tReviewdate:1970.01.01 01:00:00.000 | sStation: | allCategoryTags:name:TEXT | name:TEXT | expirationDate:1970.01.01 01:00:00.000"]
2022.04.14 14:44:13.214 SYS PC PCNAME: _Connections.Ui.HostNames:_online.._value = HOSTNAME
How would I parse Windows Event Logs from winlogbeat in Logstash? I want to hash, for example, Account Name for GDPR. I am thankful for any advice.
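
One way to cover the sample lines above in a single pipeline and to pseudonymise an account name from winlogbeat, as an added example that is not part of the original post. The target field names (`ts`, `manager`, `manager_num`, `category`, `level`, `code`, `detail`), the custom pattern name `WCCTS`, the `FP_KEY` variable, the time zone and the choice of `winlog.event_data.TargetUserName` as the account-name field are assumptions made for illustration.

```logstash
filter {
  if [agent][type] == "winlogbeat" {
    # Replace the account name with a keyed hash. With `key` set, the
    # fingerprint filter computes an HMAC (here HMAC-SHA256).
    # Assumption: the account name sits in winlog.event_data.TargetUserName.
    if [winlog][event_data][TargetUserName] {
      fingerprint {
        source => "[winlog][event_data][TargetUserName]"
        target => "[winlog][event_data][TargetUserName]"
        method => "SHA256"
        key    => "${FP_KEY}"   # placeholder: secret from the keystore or environment
      }
    }
  } else {
    # Patterns are tried top to bottom and the first match wins, so the more
    # specific formats come first:
    #   1. [14.04.2022/12:16:02][INFO]Source::method: text
    #   2. WCCILdata (0), 2022.04.08 16:58:47.585, IMPL, SEVERE, 54, text...
    #   3. 2022.04.14 08:51:29.500[...]
    #   4. 2022.04.14 14:44:13.214 free text
    grok {
      pattern_definitions => { "WCCTS" => "\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3}" }
      match => {
        "message" => [
          "^\[(?<ts>\d{2}\.\d{2}\.\d{4}/\d{2}:\d{2}:\d{2})\]\[(?<level>\w+)\]%{GREEDYDATA:detail}$",
          "^(?<manager>\w+) \((?<manager_num>\d+)\), %{WCCTS:ts}, (?<category>\w+), (?<level>\w+), (?<code>\d+), %{GREEDYDATA:detail}$",
          "^%{WCCTS:ts}\[%{GREEDYDATA:detail}\]$",
          "^%{WCCTS:ts} %{GREEDYDATA:detail}$"
        ]
      }
    }
    # Both timestamp layouts seen in the samples; neither carries a zone.
    date {
      match    => ["ts", "dd.MM.yyyy/HH:mm:ss", "yyyy.MM.dd HH:mm:ss.SSS"]
      timezone => "Europe/Berlin"   # assumption: set to the logging host's zone
    }
  }
}
```

Lines that match none of the four patterns keep their original `message` and receive the `_grokparsefailure` tag. The comma-separated format is matched with grok rather than the csv filter because its free-text part can itself contain commas, as in the `WARNING` sample.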