Filebeat to Logstash split message log to different tables

Hello guys!

Please can someone help me...
I am looking for a solution so that I get my Filebeat logs in a perfectly readable log...

This is how my log looks... but I would like different columns (IP, User); here everything is in MESSAGE.

Sep 24 16:48:04 file01 smbd_audit: personal|10.1.1.135|personal|unlink|ok|/shares/homes/personal/_a

How can I filter that with Logstash? Can anyone help me please?

Here is my Logstash config:
input {
  beats {
    port => 5044
  }
}

filter {
  if [type] == "log" {
    # Split the syslog header from the payload; the optional PID is in literal brackets.
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
    }
    # Use the timestamp from the log line as the event time.
    date {
      match => ["syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss"]
    }
  }
}

output {
  elasticsearch {
    hosts => "localhost:9200"
  }
}

kind regards
patrick
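
One way to get separate columns from the `smbd_audit` payload, as an added example that is not part of the original post: a `dissect` filter placed after the grok and date filters above, splitting `syslog_message` on the `|` separators. The field names and the user|IP|share order of the first three values are assumptions read off the sample line, since the post does not show the Samba audit prefix setting.

```logstash
filter {
  # Relies on the grok in the post having already populated
  # syslog_program and syslog_message.
  if [syslog_program] == "smbd_audit" {
    dissect {
      mapping => {
        # Assumed layout: user|client IP|share|operation|result|path.
        # The last field takes the rest of the line, so operations that
        # log more than one path (separated by "|") still match.
        "syslog_message" => "%{smb_user}|%{client_ip}|%{smb_share}|%{smb_operation}|%{smb_result}|%{smb_path}"
      }
      # Events with fewer separators than expected keep syslog_message
      # unchanged and carry this tag, so they can be found and reviewed.
      tag_on_failure => ["_smbd_audit_dissect_failure"]
    }
  }
}
```

With the sample line from the post this gives `smb_user` = `personal`, `client_ip` = `10.1.1.135`, `smb_operation` = `unlink` and `smb_result` = `ok` as separate fields in Elasticsearch.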
