FortiGate Firewall

Here is the current config. I'm getting the logs, but all have the
_grokparsefailure error. I am seeing the whole "message" full of long
output.

No need to reinvent the wheel, use the SYSLOGLINE pattern from
https://github.com/logstash-plugins/logstash-patterns-core/blob/master/patterns/linux-syslog

I would like to retrieve dstip, srcip, srcport, dstport, geoip, etc.

I'd use the kv filter with include_keys.
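A filter section combining the two suggestions above, as an added example that is not from any poster in this thread. It assumes the FortiGate payload is the usual key=value text; the sample line in the comment is constructed, and the `src_geo` and `dst_geo` target names are assumptions.

```logstash
filter {
  # Constructed sample payload (not taken from the thread):
  #   date=2024-01-01 time=12:00:00 devname="FGT-EXAMPLE" type="traffic"
  #   srcip=198.51.100.7 srcport=51514 dstip=203.0.113.10 dstport=443 action="accept"

  # Strip a standard syslog header if one is present. A line that does not
  # match is only tagged _grokparsefailure and keeps its original "message",
  # so the kv filter below still sees the key=value pairs.
  grok {
    match     => { "message" => "%{SYSLOGLINE}" }
    overwrite => [ "message" ]
  }

  # Split key=value pairs and keep only the fields asked for. Everything
  # else in the long "message" is ignored instead of becoming a field.
  kv {
    source       => "message"
    field_split  => " "
    value_split  => "="
    include_keys => [ "srcip", "dstip", "srcport", "dstport" ]
  }

  # kv emits strings; convert ports so range queries and aggregations work.
  mutate {
    convert => {
      "srcport" => "integer"
      "dstport" => "integer"
    }
  }

  # Enrich each address separately. Private (RFC 1918) addresses have no
  # database entry and are tagged _geoip_lookup_failure, which is expected
  # for internal hosts behind the firewall.
  geoip {
    source => "srcip"
    target => "src_geo"
  }
  geoip {
    source => "dstip"
    target => "dst_geo"
  }
}
```

If `_grokparsefailure` persists after this, the header format is the remaining mismatch; the extracted fields do not depend on the grok stage succeeding.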