Event.original not searchable

Hi

I'm new to Elasticsearch and I am trying to get information from a Juniper SRX firewall. The logs are being ingested but the information I would like to search is in event.original which is not indexed or searchable. The information does appear in error.message "Provided Grok expressions do not match field value: ..." but it doesn't seem right to search this error field. Is the correct solution to enable indexing on event.original?

Elasticsearch 8.2

Thanks
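A check worth running before changing the mapping (an added example, not code from this thread): parse the response of `GET <index>/_mapping` and report whether a dotted field such as `event.original` is actually indexed. The mapping below is constructed to mirror how ECS maps `event.original` (keyword with `index: false` and `doc_values: false`), which is why a query on that field matches nothing; the index name is an assumption.

```python
import json

# Constructed sample in the shape `GET <index>/_mapping` returns; the index name is assumed.
# event.original is mapped the way ECS specifies it: keyword, not indexed, no doc_values.
SAMPLE_MAPPING = {
    "logs-juniper.srx-default": {
        "mappings": {
            "properties": {
                "event": {
                    "properties": {
                        "original": {"type": "keyword", "index": False, "doc_values": False},
                        "category": {"type": "keyword"},
                    }
                },
                "error": {"properties": {"message": {"type": "match_only_text"}}},
            }
        }
    }
}


def load_mapping(path):
    """Load a saved `GET <index>/_mapping` response from a JSON file."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def find_field(properties, dotted):
    """Walk nested 'properties' blocks down to the leaf mapping of a dotted field name."""
    node = {"properties": properties}
    for part in dotted.split("."):
        node = node.get("properties", {}).get(part)
        if node is None:
            return None
    return node


def field_status(mapping, index, dotted):
    """Report whether a field exists and whether it is searchable / aggregatable."""
    leaf = find_field(mapping[index]["mappings"]["properties"], dotted)
    if leaf is None:
        return {"field": dotted, "present": False}
    return {
        "field": dotted,
        "present": True,
        "type": leaf.get("type"),
        # Both settings default to true for keyword fields when absent from the mapping.
        "indexed": leaf.get("index", True),
        "doc_values": leaf.get("doc_values", True),
    }
```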

Welcome to our community! :smiley:

Let's step back a bit here. How are these logs being sent to Elasticsearch? Where are you defining this grok pattern that is erroring?

Hi

So I have added the Juniper SRX integration to my Fleet server and installed an Elastic Agent on a different host to receive logs from the firewall and pass them to Elasticsearch. I haven't defined any grok pattern specifically.
