Hi Elasticsearch Developers,
This is more of a suggestion post.
I want to integrate Versa Networks logs into Elasticsearch,
and it would be much easier if you included a module for them in Filebeat.
There are too many fields to map to ECS manually.
Sample logs:
2020-05-07T23:14:44+0000 cgnatLog, applianceName=versa, tenantName=Tenant1,observationTimeMilliseconds=21034388, flowCookie=1588893277, flowId=33589149,sourceIPv6Address=2001:172:16:31::10, destinationIPv6Address=2001:192:168:5::10, postNATSourceIPv6Address=2001:172:16:91:ff9f::10, postNATDestinationIPv6Address=2001:192:168:5::10,sourcePort=6000, destinationPort=6000, postNAPTsourceTransportPort=6000, postNAPTdestinationTransportPort=6000, tenantId=1, vsnId=0, applianceId=1,protocolIdentifier=58, sourceNatPoolName=NPT_POOL_66, natRuleName=NPT_RULE_66, natEvent=nat66-sess-delete
2020-05-07T23:44:43+0000 alarmLog, applianceName=versa, tenantName=Tenant1,alarmType=cgnat-pool-utilization, alarmKey=Tenant1_NAPT_POOL1, generateTime=1588895083,applianceId=1, vsnId=0, tenantId=1, alarmCause=resourceAtOrNearingCapacity, alarmClearable=yes, alarmClass=changed, alarmKind=symptom, alarmEventType=equipmentAlarm, alarmSeverity=critical,alarmOwner=tenant, alarmSeqNo=6, alarmText="CGNAT pool Tenant1_NAPT_POOL1 addresses near exhaustion (utilization: 93%)",siteName=, serialNum=br103.versa
2018-10-12T23:10:28+0000 dhcpRequestLog, applianceName=Site2Branch1, tenantName=Customer1,tenantId=2, dhcpRequestLogType=address-renewal, ingressInterfaceName=vni-0/4.101, ethernetAddress=52:54:b1:f9:51:f9, profileName=LAN-Server-Customer1Lan, poolName=LAN-POOL-Customer1Lan, clientIPv4Address=172.19.101.50, expirationTime=1539472264
2017-11-28T23:12:43+0000 sdwanSlaPathViolLog, applianceName=Site1Branch1, tenantName=Customer1, flowId=34076716, flowCookie=1511911224, applianceId=1, tenantId=1, vsnId=0, rule=Rule_Http, localSiteName=Site1Branch1, fromRemoteSiteName=, fromLocalAccCktName=, fromRemoteAccCktName=, toRemoteSiteName=Site3Branch1, toLocalAccCktName=ISPA-Network, toRemoteAccCktName=ISPA-Network, forwardingClass=fc_be, fromPriority=P-0, toPriority=SLA Vio, reason="Violating metrics [Current value(Configured Threshold)]: latency-714(250) loss percentage-12.50(5) "
2017-11-26T22:42:38+0000 flowMonLog, applianceName=Branch1, tenantName=Customer1, flowId=33655871, flowCookie=1511734794, flowStartMilliseconds=361020099, flowEndMilliseconds=361865221, sentOctets=15000, sentPackets=34, recvdOctets=360, recvdPackets=6, vsnId=0, applianceId=1,tenantId=1, appRisk=1, appProductivity=3, appIdStr=iperf, appFamily=, appSubFamily=, urlCategory=, rule=catchall, localSiteName=Branch1, fwdEgrSiteName=Branch2, fwdEgrAccCktName=MPLS:MPLS, revIngAccCktName=MPLS, revIngSiteName=, fwdIngSiteName=, fwdIngAccCktName=vni-0/2.0, revEgrSiteName=, revEgrAccCktName=vni-0/2.0, deviceKey=, forwardForwardingClass=fc_be, reverseForwardingClass=fc_be
2017-11-26T22:42:38+0000 accessLog, applianceName=Branch1, tenantName=Customer1, flowId=33655871, flowCookie=1511734794, flowStartMilliseconds=361020099, flowEndMilliseconds=361865221, sentOctets=15000, sentPackets=34, recvdOctets=360, recvdPackets=6, appId=245, eventType=end, tenantId=1, urlCategory=, action=allow, vsnId=0, applianceId=1, appRisk=1, appProductivity=3, appIdStr=iperf, appFamily=networking, appSubFamily=network-management, rule=r1, forwardForwardingClass=fc_be, reverseForwardingClass=fc_be, host
2017-11-28T22:52:54+0000 avLog, applianceName=DC1Branch1, tenantName=Customer1, flowId=33890850, flowCookie=1511910209, vsnId=0, applianceId=1, tenantId=1, profileName=scan_http, appIdStr=http, fileName="1", fileType=Portable Document File, fileTransDir=download, avMalwareType=AV_DETECTION_TYPE_VIRUS, avMalwareName=W32/ExploreZip.210432, avAccuracy=AV_DETECTION_ACCURACY_LOW, avAction=reject
2017-11-28T23:09:29+0000 dosThreatLog, applianceName=Site1Branch1, tenantName=Customer1, observationTimeMilliseconds=1511911030085, threatType=Flood, dosAttackName=UDP, tenantId=1, fromZone=(null), toZone=, dosAttacker=, dosVictim=, dosScanList=(null), dosScanPortsCount=0, dosAction=Drop, severityLevel=1, vsnId=0
2017-11-26T22:37:11+0000 idpLog, applianceName=Branch1, tenantName=Customer1, flowId=33655871, flowCookie=1511734794, signatureId=1000000530, groupId=1, signatureRev=0, vsnId=0, applianceId=1, tenantId=1, moduleId=12, signaturePriority=2, idpAction=alert, signatureMsg="Microsoft DNS Server Denial ofService", classMsg="Attempted Denial of Service", threatType=attempted-dos,packetTime=11/26/2017-14:37:11.000000, HitCount=1, ipsProfile=Vulnerablity_Profile, ipsProfileRule=Rule1, ipsDirection=ToClient, ipsProtocol=UDP, ipsApplication=dns
2017-11-26T24:42:38+0000 urlfLog, applianceName=DC1Branch1, tenantName=Customer1, flowId=33655871, flowCookie=1511734794, vsnId=0, applianceId=1, tenantId=1, urlReputation=trustworthy, urlCategory=business_and_economy, httpUrl=apt.puppetlabs.com/dists/trusty/Release.gpg, urlfProfile=url_profile1, urlfAction=ask, urlfActionMessage=