Filebeat to Elasticsearch grok example

rkk · April 28, 2020, 2:08pm

Hi,

I would like to send log files using filebeat directly to elasticsearch but lines in log file are in custom string format and I would like preprocess those lines using grok or something?

I cannot seem to find any example, how to configure filebeat.yml to use regex, grok to send log files directly to elasticsearch; is out there any example?

My log file lines look like:

[28-Apr-2020 14:01:58 +0000]: <nht5271m> Successful login for username1 (ID: 1) from 111.222.333.444 in session nht5271mokfeqd1i

Kind regards,

Rok

kvch · April 28, 2020, 3:35pm

Have you tried the Elasticsearch module of Filebeat? https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-elasticsearch.html

Alternatively, you could use the dissect processor to parse the event: https://www.elastic.co/guide/en/beats/filebeat/current/dissect.html

system · May 26, 2020, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.