So I have a JSON file retrieved from VirusTotal. It looks like this:
This is my Logstash config:
input {
  file {
    path => "/path/scan.json"
    start_position => beginning
  }
}
filter {
  json {
    source => scans
  }
}
output {
  elasticsearch {
    hosts => ["10.33.109.24:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
  file {
    path => "/home/elk/log/virustotal.json"
    codec => json
  }
  stdout {
    codec => rubydebug
  }
}
At first, I used Filebeat as my input, but there was no incoming data in my Elasticsearch/Kibana. Then I used the file input instead, but still no result. Is something wrong with my JSON filter?
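A revised pipeline for the configuration in the question, added here as an example and not part of the original post. It assumes each line of scan.json holds one complete JSON document (the file input emits one event per line); the `virustotal` target field, the `virustotal-*` index name and the failure-log path are hypothetical choices.

```logstash
input {
  file {
    path => "/path/scan.json"
    # start_position only applies to files Logstash has not seen before;
    # the sincedb remembers the last read offset across restarts.
    start_position => "beginning"
    # Testing only: do not persist the offset, so the file is re-read on each run.
    sincedb_path => "/dev/null"
  }
}

filter {
  json {
    # The file input stores the raw line in "message". A field such as
    # "scans" only exists after the JSON has been parsed, so it cannot
    # be used as the source of the first json filter.
    source => "message"
    # Hypothetical field name: keeps the parsed report under one key.
    target => "virustotal"
  }
}

output {
  if "_jsonparsefailure" in [tags] {
    # Lines the json filter could not parse are kept for inspection
    # instead of being indexed. Hypothetical path.
    file {
      path => "/home/elk/log/virustotal-failed.json"
      codec => json
    }
  } else {
    elasticsearch {
      hosts => ["10.33.109.24:9200"]
      # [@metadata][beat] and [@metadata][version] are set by the beats
      # input, not by the file input, so a fixed prefix is used here.
      index => "virustotal-%{+YYYY.MM.dd}"
    }
  }
  stdout {
    codec => rubydebug
  }
}
```

If the report is pretty-printed across several lines, each line arrives as a separate event and is tagged `_jsonparsefailure`; the rubydebug output on stdout shows which case applies.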