Advice to get different unstructured log data into structured format

I am new to Logstash. I have a processing question. I am getting these kinds of logs with Filebeat in the "message" field, from the same host, sometimes from different files. How would I process the messages I am getting into ES so that they are somehow structured? Do I need to have multiple pipelines, as those are different formats? What kind of filters could I use? One message has commas, so CSV for that one, but the others? Does anyone have a good guideline on how to process these? I tried with the Grok Debugger, but I am only able to parse two fields, then I get "No matches". Any advice?

[14.04.2022/12:16:02][INFO]MagicViewer::loadUILanguage: Successfully switched to new language.
2022.04.14 08:51:29.500["Meldesperre deactivate DP:System1:APPLICATION/SYSTEM.Values.Aktiv"]
CCILdata (0), 2022.04.08 16:58:47.585, IMPL, SEVERE, 54, Unexpected state, DataManDpIntern, refreshDiskStatus, Cannot stat FILEPATH
WCCILdata    (0), 2022.04.14 08:51:08.796, IMPL, WARNING,   187, DP: APPLICATION/SYSTEM.Values.Stoerung:_alert_hdl: No gone alert between two came ones at 2021.08.04 09:22:07.328 and 2021.09.05 02:15:26.798, AlertAdministration, insertAlert
2022.04.14 08:51:37.262[2021.09.05 02:07:06.216 (0 )  (Type: 0 Sys: 0 Dp: 0 El: 0 : 0..0)]
2022.04.14 08:58:09.983["checkNotebookExpirationMessage - iNumber:NUMBER | sText:ijofdslkjjöjfdlksjkjsdf | sAuthor:NAME | tSpreaddate:2021.12.02 14:02:33.678 | sReviewer: | tReviewdate:1970.01.01 01:00:00.000 | sStation: | allCategoryTags:name:TEXT | name:TEXT | expirationDate:1970.01.01 01:00:00.000"]
2022.04.14 14:44:13.214 SYS PC PCNAME: _Connections.Ui.HostNames:_online.._value = HOSTNAME 

How would I parse Windows Event Logs from winlogbeat in Logstash? I want to hash, for example, the Account Name for GDPR. I am thankful for any advice.
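
One way to handle both questions in a single Logstash pipeline, as an added example that is not part of the original post: one grok filter tries a pattern per sample format in order, and a keyed fingerprint pseudonymizes the account name. The field names (`ts`, `text`, `manager`, `code`, ...), the `_unparsed` tag, the `PSEUDONYM_KEY` environment variable and the choice of `winlog.event_data.TargetUserName` as the account-name field are assumptions.

```logstash
# Added example, not from the original post. Field names are illustrative.
filter {
  if [agent][type] == "filebeat" {
    # Patterns are tried top to bottom; the first match wins.
    #  1. [14.04.2022/12:16:02][INFO]Source: text
    #  2. WCCILdata (0), <ts>, IMPL, WARNING, 187, <rest>
    #     (the tail has a varying number of commas, so it is kept as one field
    #      instead of being split by a csv filter)
    #  3. <ts>[...]
    #  4. <ts> free text
    grok {
      pattern_definitions => { "WTS" => "\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}\.\d{3}" }
      match => { "message" => [
        "^\[(?<ts>\d{2}\.\d{2}\.\d{4}/\d{2}:\d{2}:\d{2})\]\[%{LOGLEVEL:level}\]%{GREEDYDATA:text}$",
        "^%{WORD:manager}\s*\(%{INT:manager_num}\), %{WTS:ts}, %{WORD:category}, %{WORD:severity},\s*%{INT:code}, %{GREEDYDATA:text}$",
        "^%{WTS:ts}\[%{GREEDYDATA:text}\]$",
        "^%{WTS:ts} %{GREEDYDATA:text}$"
      ] }
      # Keep lines that fit no pattern findable instead of silently unstructured.
      tag_on_failure => ["_unparsed"]
    }
    # Both timestamp layouts seen in the samples feed @timestamp.
    date {
      match => ["ts", "dd.MM.yyyy/HH:mm:ss", "yyyy.MM.dd HH:mm:ss.SSS"]
      remove_field => ["ts"]
    }
  }

  # Pseudonymize the account name on Winlogbeat events.
  # Assumption: the account name arrives in winlog.event_data.TargetUserName.
  if [agent][type] == "winlogbeat" and [winlog][event_data][TargetUserName] {
    fingerprint {
      source => ["[winlog][event_data][TargetUserName]"]
      target => "[winlog][event_data][TargetUserName]"
      method => "SHA256"
      # With a key the filter computes an HMAC. An unkeyed SHA-256 of a
      # username can be reversed by hashing a list of known account names.
      key => "${PSEUDONYM_KEY}"
    }
  }
}
```

Other account-name fields on the same event (for example a subject user name or an ECS `user.name` copy) need the same treatment, otherwise the clear-text name still reaches Elasticsearch.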
