Dissect - Pipeline in Logstash

lucasyuki · October 18, 2023, 5:47pm

Hi team , im trying to dissect the message log

I'm trying to parse the "Message" column, I tested it in Elastic cloud and the command in the ingest pipelines tab was working
My config in logstash conf.d

input {
syslog {
host => "xxx"
port => xxx
codec => cef
syslog_field => "syslog"
grok_pattern => "<%{POSINT:priority}>%{SYSLOGTIMESTAMP:timestamp} CUSTOM GROK HERE"
}
}

filter {
dissect {
mapping => {
"message" => "<%{case.number}>%{@timestamp} %{ip.reporting} : %{tool.name};%{tool.id};NEC - Sev %{severity.modifier} %{severity.rating};Line %{tool.line};Alarm: NEC - Sev %{alarm.modifier} %{alarm.rating}|Trigger Date: %{trigger.d$
}
}
}
output {
elasticsearch { cloud_id => xxx
cloud_auth => "xxxx"
index => "nec_latam_noc_brasil_pa_banpara-%{+YYYYMMdd}" }

file {
path => "/var/log/resultado.log"
file_mode => 0777
codec => plain
}

}

carly.richmond · October 19, 2023, 9:08am

Hi @lucasyuki,

Thanks for sharing your config. Are you getting a particular error or unexpected result at all?

lucasyuki · October 19, 2023, 1:42pm

No , just the log didnt dissect

Rios · October 19, 2023, 2:06pm

Can you copy few messages?

system · November 16, 2023, 2:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to dissect logs based on a string pattern Logstash	1	569	September 4, 2017
Need help with grok filtering Logstash	16	492	September 5, 2018
Logstash filtering drives me nuts Logstash	8	436	June 16, 2021
Error with dissect filter [SOLVED] Logstash	9	4160	July 9, 2018
Help using logstash dissect filtering Logstash	3	325	June 18, 2019

Dissect - Pipeline in Logstash

Related topics