s.essa
(Sam)
November 24, 2017, 8:34pm
1
Can the Elastic Stack accept and parse logs in French?
The logs would be coming from equipment that is configured in French and, for example, fields will be arriving in French.
Can ES parse these properly?
As far as I can tell, it would simply require the proper configuration of LogStash pipelines.
Is this accurate? If you could shed some light on this, I'd be grateful.
If you need any information, just ask!
dadoonet
(David Pilato)
November 24, 2017, 9:49pm
2
WDYM by « in French »?
Can you share an example?
s.essa
(Sam)
November 27, 2017, 2:25pm
3
Hello David,
What I mean is that the field names will be in French, for example:
instead of "host (origin): IP" the log will say "hôte (origine) : IP"
Thanks for the reply.
dadoonet
(David Pilato)
November 27, 2017, 8:28pm
4
I don't see any problem parsing that.
Do you have any issue?
s.essa
(Sam)
November 27, 2017, 8:50pm
5
Well, no, because I haven't tried it yet. I'm still debating the use of ELK in our environment and have very little experience with parsing logs.
I guess I have 2 questions now:
Is there a way to transform these logs into a standardized format, or will that have to be developed?
(More generally) Is there such a thing as automatic log acceptance or does the pipeline have to be configured for each log type?
dadoonet
(David Pilato)
November 28, 2017, 12:47pm
6
Is there a way to transform these logs into a standardized format, or will that have to be developed?
If your application can generate OOTB JSON logs, then that will be easier.
But this is not the case here I guess.
Logstash is indeed one way to parse logs, using a grok filter. You can also use an ingest pipeline in Elasticsearch, which supports grok as well.
Is there such a thing as automatic log acceptance or does the pipeline have to be configured for each log type?
You need to configure a pipeline per log type.
s.essa
(Sam)
November 28, 2017, 2:18pm
7
Thanks a tonne, David. If you don't mind, could you answer a couple more questions?
Are there any other ways?
Is there some way to preserve/access the raw log after it has been transformed by Logstash?
dadoonet
(David Pilato)
November 28, 2017, 2:45pm
8
By default, Logstash keeps the original message intact in the message field.
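Added example (not code from this thread or from the Elastic projects) illustrating posts 6 and 8 together: grok patterns are named regular expressions, so the same matching can be shown in plain Python. The block parses constructed French-labelled log lines with one pattern per log type, renames the French fields to a standardised English schema, keeps the untouched line in a message field the way Logstash does by default, and tags lines that match nothing with _grokparsefailure as grok does. The sample lines, the two log types, the target field names and the UTF-8/Latin-1 decoding fallback are all assumptions made for the example; the accent handling is the practical caveat to check, since older equipment often emits ISO-8859-1 rather than UTF-8.

```python
"""Parse French-labelled log lines into standardised fields while keeping the raw line.

Added example, not code from the thread. Mirrors what a Logstash grok filter does:
grok patterns are named regexes, so the matching is shown with Python's re module.
All sample lines below are constructed for this example.
"""
import re

# Constructed sample lines. Assumption: the equipment may emit UTF-8 or ISO-8859-1,
# so one line is encoded each way to show that both survive decoding.
RAW_LINES = [
    ("2017-11-27T14:25:00Z pare-feu: hôte (origine) : 10.1.2.3 "
     "hôte (destination) : 192.0.2.10 port : 443 action : refusé").encode("utf-8"),
    ("2017-11-27T14:25:01Z pare-feu: hôte (origine) : 10.1.2.4 "
     "hôte (destination) : 192.0.2.11 port : 22 action : accepté").encode("latin-1"),
    "2017-11-27T14:25:02Z auth: utilisateur : alice résultat : échec".encode("utf-8"),
    b"this line matches no pattern",
]

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

# One grok-equivalent pattern per log type (a pipeline per log type, as the thread says).
# The literal French labels are matched as-is; group names are kept ASCII for portability.
PATTERNS = {
    "pare-feu": re.compile(
        r"^(?P<timestamp>\S+) pare-feu: "
        r"hôte \(origine\) : (?P<hote_origine>" + IP + r") "
        r"hôte \(destination\) : (?P<hote_destination>" + IP + r") "
        r"port : (?P<port>\d+) action : (?P<action>\S+)$"
    ),
    "auth": re.compile(
        r"^(?P<timestamp>\S+) auth: utilisateur : (?P<utilisateur>\S+) "
        r"résultat : (?P<resultat>\S+)$"
    ),
}

# Assumption: illustrative standardised names, not a specific ECS mapping.
RENAME = {
    "hote_origine": "source_ip",
    "hote_destination": "destination_ip",
    "utilisateur": "user_name",
    "resultat": "outcome",
}

# Assumption: French enumerated values are normalised so detection rules stay in one language.
VALUE_MAP = {"refusé": "denied", "accepté": "allowed", "échec": "failure"}


def decode_line(raw: bytes) -> str:
    """Decode a raw line, trying UTF-8 first and falling back to ISO-8859-1.
    Without the fallback a Latin-1 'hôte' would raise (or be mangled) before parsing."""
    try:
        return raw.decode("utf-8")
    except UnicodeDecodeError:
        return raw.decode("latin-1")


def parse_line(raw: bytes) -> dict:
    """Turn one raw line into an event dict.

    The decoded text is always stored untouched in 'message', so the original is
    available alongside the parsed fields. Lines that match no pattern are kept and
    tagged '_grokparsefailure' rather than dropped, mirroring grok's behaviour.
    """
    message = decode_line(raw)
    event = {"message": message}
    for log_type, pattern in PATTERNS.items():
        match = pattern.match(message)
        if match is None:
            continue
        event["log_type"] = log_type
        for name, value in match.groupdict().items():
            event[RENAME.get(name, name)] = VALUE_MAP.get(value, value)
        return event
    event["tags"] = ["_grokparsefailure"]
    return event


def parse_all(lines) -> list:
    """Parse every raw line; returns one event dict per input line, in order."""
    return [parse_line(line) for line in lines]


if __name__ == "__main__":
    for event in parse_all(RAW_LINES):
        print(event)
```

Each entry in PATTERNS corresponds to what would be a separate grok filter (or a conditional branch) in a Logstash pipeline; the rename map is the equivalent of naming the grok captures directly with the standardised names.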
s.essa
(Sam)
November 28, 2017, 5:26pm
9
David, you have been incredible, thank you.
This all seems very basic and I hate to waste your time. Is there some place I can find information like this? I looked through the documentation, but it is too general for me. I need something a little more specific, like the questions I'm asking you.
dadoonet
(David Pilato)
November 28, 2017, 9:05pm
10
I think that Logstash Reference guide has a good chapter about this: https://www.elastic.co/guide/en/logstash/current/first-event.html
system
(system)
Closed
December 26, 2017, 9:05pm
11
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.