Hello,
I'm a total newbie. I monitor a Twitter feed using ELK. I want to be able to visualize in Kibana based on CVE numbers. I have been trying to use grok to add a new field containing only a CVE number if it can be found in the text. I want to make it case insensitive and, if possible, also add multiple fields if more than one CVE number could be found.
A CVE number typically looks like this CVE-2016-2345 or CVE-2015-2312 and may exist anywhere in the Twitter text.
This is what I have now and it's not working. It correctly adds the field, but the value is the full text from Twitter, where I only want it to be the extracted CVE number.
filter {
  grok {
    match => [
      'text',
      '(CVE-[0-9]{4}-[0-9]{4})'
    ]
    add_field => [ "CVE", "%{text}" ]
  }
}
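An added example (not from the original post) showing the extraction the question asks for: a case-insensitive regex that pulls every CVE ID out of a tweet, which is what a Logstash ruby filter can do while grok stops at the first match. The `FakeEvent` class and the sample tweets are constructed stand-ins; only `event.get`/`event.set` from the real Logstash event API are assumed, and the ID `CVE-2016-12345` is a constructed value to exercise the 5-digit form.

```ruby
# A CVE ID is "CVE-" + 4-digit year + "-" + four OR MORE digits (5+ digit
# sequence numbers have been valid since 2014, so [0-9]{4} alone misses them).
# The /i flag makes the match case-insensitive ("cve-2016-2345" is caught).
CVE_PATTERN = /\bCVE-(\d{4})-(\d{4,})\b/i

# Return every CVE ID in the text, normalised to upper case, deduplicated,
# in order of first appearance. scan() finds all matches, not only the first.
def extract_cves(text)
  return [] if text.nil?
  text.scan(CVE_PATTERN).map { |year, seq| "CVE-#{year}-#{seq}" }.uniq
end

# Grok equivalent for the single-match case: a named capture writes the ID
# straight into the "cve" field, so add_field with %{text} is not needed.
# (?i) makes the grok match case-insensitive. Returned as a string to paste
# into a logstash.conf match => [...] entry.
def grok_pattern
  '(?i)(?<cve>CVE-[0-9]{4}-[0-9]{4,})'
end

# Body of a Logstash ruby filter (code => "..."): read the tweet text, set an
# array field "cve" with all IDs and a "cve_count" field for Kibana to use.
def add_cve_fields(event)
  cves = extract_cves(event.get('text'))
  event.set('cve', cves)
  event.set('cve_count', cves.size)
  cves
end

# Constructed minimal stand-in for the Logstash event object (get/set only).
class FakeEvent
  def initialize(fields)
    @fields = fields
  end

  def get(key)
    @fields[key]
  end

  def set(key, value)
    @fields[key] = value
  end
end

# Constructed sample tweet mixing cases and a repeated ID.
SAMPLE_TWEET = 'Patched cve-2016-2345 and CVE-2015-2312 today; CVE-2016-2345 again, plus CVE-2016-12345.'
```

Inside Logstash, drop the `FakeEvent` class and call `add_cve_fields(event)` from the ruby filter's `code` option; the `event` object is provided by Logstash.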