Is a Grok filter needed when we apply the Logstash ArcSight module?

I am trying to implement ELK as a SIEM as instructed here, where ArcSight logs are being sent in CEF format in the Logstash ArcSight module.

However, I understand that normally, when logs are parsed in Logstash, a Grok filter is needed to parse the logs into separate attributes. This is where I am not sure whether this is also the case when I apply the Logstash ArcSight module. Is this module able to function as a Grok filter itself?
