FortiGate Firewall

lcguy · April 24, 2018, 8:49am

Works with following config now. Seems like error in kv. After I comment out kv, all works.
Do I need to install something to work with kv filter?

input {
udp {
port => 5514
type => "syslog"
}
}

filter {
mutate {
gsub =>
["message", ": ", ":",
"message", "^<[0-9][0-9][0-9]>", ""]
}

#kv {

field_split => ""," "

#date { match => ["sourcetime","yyyy-MM-dd:HH:mm:ss"]}
}

output {
elasticsearch { hosts => ["localhost:9200"] }
stdout { codec => rubydebug }
}

Topic		Replies	Views
[Working example]Fortigate config for Logstash Logstash	2	16030	December 19, 2017
Logstash - Syslog Help - I am a total pleb Logstash	6	1327	January 2, 2018
Sidewinder Firewall Syslog Logstash	4	535	May 23, 2018
Grok parsing, still not solved Logstash	15	575	March 13, 2019
Fortinet firewall logs in ELK Logstash	4	2897	January 27, 2020