Hi there,
Sorry if this question is stupid, but I'm trying to get something weird working... The deal is I have some firewalls which send some data to Elasticsearch via Logstash. All works fine, except the only format I can stream is Syslog format, which shows up like this in Elasticsearch:
{"host":"IP","message":"LOG-CONTENT","@timestamp":"2018-11-22T11:36:08.150Z","port":4954,"@version":"1"}
What I try to achieve is that I only get the LOG-CONTENT out of the whole string, and then use grok to parse the log content and make custom indexes via regex.
The latter I managed to get running, but I have a lot of extra data with the Syslog format's fields like timestamp, host, port and so on. I have all this, but was not able to filter out just the message.
Any tips are highly appreciated!
Thanks in advance!
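One way to do what the post describes in a Logstash pipeline, as an added example that is not from the original post: grok parses only the "message" field of the wrapper event shown above, and the wrapper fields are dropped afterwards. The firewall line format and the field names fw_time, action, proto, src_ip, src_port, dst_ip, dst_port and fw_sender are assumptions for illustration; the real pattern has to match your firewall's log lines.

```logstash
filter {
  # Assumed (constructed) firewall line inside "message":
  #   2018-11-22 11:36:08 DENY TCP 10.0.0.5:51234 -> 203.0.113.9:443
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:fw_time} %{WORD:action} %{WORD:proto} %{IP:src_ip}:%{INT:src_port} -> %{IP:dst_ip}:%{INT:dst_port}" }
    tag_on_failure => [ "_grokparsefailure" ]
  }

  # Use the firewall's own timestamp as the event time instead of the
  # time Logstash received the line.
  date {
    match => [ "fw_time", "yyyy-MM-dd HH:mm:ss" ]
  }

  # Only strip the Syslog/UDP wrapper fields when grok actually matched;
  # unparsed lines keep the raw "message" so they can still be investigated.
  if "_grokparsefailure" not in [tags] {
    mutate {
      # keep which firewall sent the event, just under a clearer name
      rename       => { "host" => "fw_sender" }
      remove_field => [ "message", "port", "@version", "fw_time" ]
    }
  }
}
```

If you would rather list the fields to keep than the ones to drop, the prune filter's whitelist_names option does the inverse of remove_field.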