Hello,
I have a Beats log whose fields are concatenated and contain special characters.
I wanted to query one of these fields, but I suppose my request is blocked because of bad syntax.
```
{
    "user" => {
        "name" => "AD-WSUS$",
        "domain" => "BUBODEV",
        "id" => "S-1-5-18"
    },
    "host" => {
        "mac" => [
            [0] "xxx"
        ],
        "name" => "AD-wsus.bubodev.local",
        "os" => {
            "type" => "windows",
            "family" => "windows",
            "name" => "Windows Server 2019 Standard",
            "kernel" => "xxxx",
            "version" => "10.0",
            "build" => "1xxx",
            "platform" => "windows"
        },
        "hostname" => "AD-wsus",
        "architecture" => "x86_64",
        "ip" => [
            [0] "xxxx",
            [1] "xxxx"
        ],
        "id" => "xxxx"
    },
```
My request looks like:
```
if [host.ip] {
  memcached {
    hosts => ["xxx:11211"]
    namespace => "misp-ip"
    get => { "%{[host.ip]}" => "[enrich][tmp]" }
  }
}
```
With Apache logs it works properly, but in this case it does not.
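
An added example, not part of the original post: the same lookup written with Logstash's bracketed field references for the nested `host` object shown in the event above. The `xxx:11211` host is the post's own placeholder, and the second target field `[enrich][tmp2]` is an assumption made for illustration.

```logstash
filter {
  # Nested fields are addressed as [host][ip]; [host.ip] would name a
  # top-level field literally called "host.ip", which this event lacks.
  if [host][ip] {
    memcached {
      hosts     => ["xxx:11211"]   # placeholder host, as in the post
      namespace => "misp-ip"
      # [host][ip] is an array, and %{[host][ip]} would render it as one
      # comma-joined string, so look up a single element by index.
      get => { "%{[host][ip][0]}" => "[enrich][tmp]" }
    }
  }
  # Second address, only when the array has one.
  # The [enrich][tmp2] target name is an assumption, not from the post.
  if [host][ip][1] {
    memcached {
      hosts     => ["xxx:11211"]
      namespace => "misp-ip"
      get => { "%{[host][ip][1]}" => "[enrich][tmp2]" }
    }
  }
}
```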