Hello Badger,
Sorry for the inconvenience, I didn't know you needed the logs and the config. Here they are:
Here is one line of the logs:
{"username_count": 1, "description": "Not a test", "rules": [{"id": 102, "type": "Concrete"}], "event_count": 2, "flow_count": 0, "assigned_to": "user1", "security_category_count": 2, "follow_up": false, "source_count": 2, "inactive": true, "protected": false, "category_count": 2, "source_network": "other", "closing_user": "user2", "close_time": 1561151914000, "remote_destination_count": 0, "start_time": 1559109647452, "credibility": 3, "magnitude": 2, "id": 23452, "categories": ["Login", "Database"], "severity": 5, "log_sources": [{"type_name": "Event", "type_id": 18, "name": "Custom", "id": 6}, {"type_name": "Dbt", "type_id": 4, "name": "Db", "id": 5}], "policy_category_count": 0, "device_count": 2, "closing_reason_id": 1, "offense_type": 3, "relevance": 0, "domain_id": 0, "offense_source": "localhost", "local_destination_count": 1, "status": "CLOSED", "client": "user3"}
Here is the Logstash config file:
# Pipeline: tail a log file of JSON offense records, parse each line,
# and index the result into a local Elasticsearch cluster.
input {
  file {
    # Placeholders (<path_of_logs>, <path_sincedb>) are literal in the
    # posted config; they must be replaced with real paths before use.
    sincedb_path   => "<path_sincedb>"
    start_position => "beginning"
    path           => "<path_of_logs>"
  }
}

filter {
  # Each line of the file arrives in the "message" field; expand it into
  # top-level event fields.
  json {
    source => "message"
  }

  # "start_time" in the records is an epoch value in milliseconds
  # (e.g. 1559109647452), so it is parsed with UNIX_MS and becomes the
  # event's @timestamp. Other epoch fields such as "close_time" are left
  # as raw numbers by this config.
  date {
    target => "@timestamp"
    match  => ["start_time", "UNIX_MS"]
  }
}

output {
  elasticsearch {
    # Array form of hosts; equivalent to the single-string form.
    # NOTE(review): no ssl/user/password options are set here, so this
    # assumes a node reachable only locally and without authentication —
    # confirm that matches the deployment.
    index => "off"
    hosts => ["localhost"]
  }
}