hi
this is a log coming from a firewalll
i need to extract from that message IP_srs, src_Port , IP_dst , dst_port and make them as fields
please help me
Hi,
That depends on how you model your data in elasticsearch.
These are our documents about it: https://www.elastic.co/guide/en/elasticsearch/guide/current/modeling-your-data.html
Thanks,
Bhavya
thanks for your answer ,
so it's not about the grok filter ?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.