Hi all,
I am working on configuring the ELK stack to forward a syslog file to the ELK stack server using Filebeat.
Everything looks fine. The logs are coming into Logstash in the following format:
input.type: log
ecs.version: 1.0.0
message: Jun 11 09:52:37 elk-VirtualBox kernel: [ 7608.472526] IN=eth0 OUT= MAC=08:00:27:ad:13:1c:08:00:27:02:ca:e0:08:00 SRC=192.168.11.111 DST=192.168.11.173 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=59421 DF PROTO=TCP SPT=5044 DPT=47872 WINDOW=4054 RES=0x00 ACK PSH URGP=0
agent.type: filebeat
agent.ephemeral_id: f6d14bb5-0476-47e6-9b19-65980cff7dc6
agent.hostname: elk-VirtualBox
agent.version: 7.1.1
agent.id: 89356dc0-5fdd-4cca-a9d4-3b1621b3efd0
log.offset: 7,501,428
I want to filter the "message" field so that I can see the relevant fields like SRC, DST, PROTO, etc.
I look forward to your response.
Regards,
Hassaan
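One way to split that `message` into fields, as an added example and not code from the original post or from Elastic: the Python below does what a Logstash grok pattern for the syslog/kernel prefix followed by a kv filter over the remainder would do, and additionally keeps the valueless flag tokens (DF, ACK, PSH) that a plain key=value split drops and handles the repeated `ID=` key that netfilter prints on ICMP lines. The TCP sample line is copied from the post; the outbound ICMP line is constructed; the field names `syslog_timestamp`, `syslog_hostname`, `kernel_uptime` and the `iptables` sub-dict are my choice.

```python
import re

# Sample 1: the "message" value copied from the post above.
SAMPLE_TCP = (
    "Jun 11 09:52:37 elk-VirtualBox kernel: [ 7608.472526] IN=eth0 OUT= "
    "MAC=08:00:27:ad:13:1c:08:00:27:02:ca:e0:08:00 SRC=192.168.11.111 "
    "DST=192.168.11.173 LEN=58 TOS=0x00 PREC=0x00 TTL=64 ID=59421 DF "
    "PROTO=TCP SPT=5044 DPT=47872 WINDOW=4054 RES=0x00 ACK PSH URGP=0"
)

# Sample 2: a constructed outbound ICMP echo request in the same netfilter
# LOG format (not from the post); note the two ID= keys (IP header, then ICMP).
SAMPLE_ICMP = (
    "Jun 11 10:03:02 elk-VirtualBox kernel: [ 8233.101205] IN= OUT=eth0 "
    "SRC=192.168.11.173 DST=192.168.11.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=12345 DF PROTO=ICMP TYPE=8 CODE=0 ID=4711 SEQ=1"
)

# Regex equivalent of a grok pattern for the prefix:
#   %{SYSLOGTIMESTAMP} %{SYSLOGHOST} kernel: [ <uptime>] <rest>
SYSLOG_KERNEL = re.compile(
    r"^(?P<syslog_timestamp>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<syslog_hostname>\S+) kernel: \[\s*(?P<kernel_uptime>\d+\.\d+)\] "
    r"(?P<iptables_msg>.*)$"
)

# netfilter keys that are plain decimal integers; hex ones (TOS, PREC, RES) stay strings.
INT_KEYS = {"LEN", "TTL", "ID", "SPT", "DPT", "WINDOW", "URGP", "TYPE", "CODE", "SEQ"}


def parse_iptables_log(message):
    """Split one netfilter LOG line into syslog fields plus an 'iptables' dict.

    Returns None for lines that are not kernel log lines, so a caller can
    leave other syslog traffic untouched (grok would tag _grokparsefailure).
    """
    m = SYSLOG_KERNEL.match(message)
    if m is None:
        return None
    event = {
        "syslog_timestamp": m.group("syslog_timestamp"),
        "syslog_hostname": m.group("syslog_hostname"),
        "kernel_uptime": float(m.group("kernel_uptime")),
    }
    fields = {}
    flags = []
    for token in m.group("iptables_msg").split():
        if "=" not in token:
            # DF, SYN, ACK, PSH, ... are bare tokens with no value; a plain
            # key=value split would silently drop them.
            flags.append(token)
            continue
        key, value = token.split("=", 1)
        if value == "":
            # IN= / OUT= is empty for the direction the packet did not take.
            continue
        parsed = int(value) if key in INT_KEYS else value
        if key in fields:
            # Repeated key (ICMP lines carry IP ID= and ICMP ID=): keep both in order.
            prev = fields[key]
            fields[key] = (prev if isinstance(prev, list) else [prev]) + [parsed]
        else:
            fields[key] = parsed
    fields["flags"] = flags
    event["iptables"] = fields
    return event


def summarize(event):
    """One-line view of the fields the post asks for: PROTO, SRC, DST, ports, flags."""
    f = event["iptables"]
    proto = f.get("PROTO", "?")
    src = f"{f.get('SRC')}:{f['SPT']}" if "SPT" in f else str(f.get("SRC"))
    dst = f"{f.get('DST')}:{f['DPT']}" if "DPT" in f else str(f.get("DST"))
    direction = f"in:{f['IN']}" if "IN" in f else f"out:{f['OUT']}"
    return f"{proto} {src} -> {dst} [{' '.join(f['flags'])}] ({direction})"


if __name__ == "__main__":
    for line in (SAMPLE_TCP, SAMPLE_ICMP):
        ev = parse_iptables_log(line)
        print(summarize(ev))
        print(ev["iptables"])
```

In a Logstash pipeline the same split is a `grok` filter on `message` with a pattern along the lines of `%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} kernel: \[\s*%{NUMBER:kernel_uptime}\] %{GREEDYDATA:iptables_msg}`, followed by a `kv` filter with `source => "iptables_msg"` (its defaults split on spaces and `=`); the bare flag tokens and the repeated `ID=` key are the two things worth checking in the resulting fields, since they do not fit a simple key=value model.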