I need help because I don't know how to select only the part of the message where it says "NMAP ping sweep Scan".
05/28-10:30:30:52.840974 [**] [1:10000004:1] "NMAP ping sweep Scan" [**] [Priority: 0] {TCP}
I got this:
processors:
- dissect:
tokenizer: ' "%{service.message}" '
filed: "message"
target_prefix: "message"
This Beats Playground allows to play around with beats processors and extract the data, hope t hat helps to get started
Ohhh, thank you very much 
I have a question, what is the reason for this part of the code?
layouts:
- 2006-01-02T15:04:05.999999999Z07:00
See Timestamp | Filebeat Reference [7.13] | Elastic - a list of timestamps that should be able to parse.. this one aims at nanosecond resolution and time zones I would guess
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.