Best way to parse events (filebeat module/logstash plugin/logstash input filter)

I've installed and configured elasticstack on CentOS 8, using the packages in the elasticsearch repos. One of the first log sources I'm toying with is mod_security. Of course, the format of these logs is totally brutal, so it's been challenging. I see quite a bit of work has been done to make this easier, but I'm struggling with the "best" or most "efficient" way to ingest/parse these.

There are just so many options and approaches, I'm not confident in which route is the more standard or the more efficient. Any advice would be helpful.

Thanks for any help!
