Dissect - Pipeline in Logstash

lucasyuki · October 18, 2023, 5:47pm

Hi team , im trying to dissect the message log

I'm trying to parse the "Message" column, I tested it in Elastic cloud and the command in the ingest pipelines tab was working
My config in logstash conf.d

input {
syslog {
host => "xxx"
port => xxx
codec => cef
syslog_field => "syslog"
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
}
}

filter {
dissect {
mapping => {
"message" => "<%{case.number}>%{@timestamp} %{ip.reporting} : %{tool.name};%{tool.id};NEC - Sev %{severity.modifier} %{severity.rating};Line %{tool.line};Alarm: NEC - Sev %{alarm.modifier} %{alarm.rating}|Trigger Date: %{trigger.d$
}
}
}
output {
elasticsearch { cloud_id => xxx
cloud_auth => "xxxx"
index => "nec_latam_noc_brasil_pa_banpara-%{+YYYYMMdd}" }

file {
path => "/var/log/resultado.log"
file_mode => 0777
codec => plain
}

}

carly.richmond · October 19, 2023, 9:08am

Hi @lucasyuki,

Thanks for sharing your config. Are you getting a particular error or unexpected result at all?

lucasyuki · October 19, 2023, 1:42pm

No , just the log didnt dissect

Rios · October 19, 2023, 2:06pm

Can you copy few messages?

system · November 16, 2023, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with grok filtering Logstash	16	492	September 5, 2018
Logstash filtering drives me nuts Logstash	8	436	June 16, 2021
Error with dissect filter [SOLVED] Logstash	9	4157	July 9, 2018
Help using logstash dissect filtering Logstash	3	325	June 18, 2019
Parsing Syslog to Logstash Logstash	6	475	March 10, 2020

Dissect - Pipeline in Logstash

Related Topics