Hi,
How can i apply different filter on different source.
Actually, all my devices send logs to the same port 514 natted to 1514.
i need to apply a different filter for one of the devices, how can i change the type for this device ? or us e a condition to apply this filter ?
thx
Hi,
It will be easier if you create a filter based on the source if you are talking about just one device.
To be more precise, create a very generic filter that breaks down the main syslog and gives you the host IP/name .
Then create a new filter based on that field. it will be something like:
if [host] == "the_host_you_want" { grok {
Of course grok can be anything else and the field will be named whatever you want.
Hope it helps.
it's what i did and it works.
Thx
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.