Good afternoon.
I am just getting started with ELK and I have a question that I hope you can help me solve.
I am sending logs from a Cisco 5520 controller to a server (udp: 514), but when I receive the log with Filebeat I get the following error:
"
ago 13 16:05:16 srvsyslog filebeat[25982]: 2020-08-13T16:05:16.519-0500 ERROR [syslog] syslog/input.go:243 can't parse event as syslog rfc3164 {"message": "<46>MX_CWLC_MAN_FIN: *rsyncmgrXferTrasport: Aug 13 16:03:20.622: %LOG-6-Q_IND: [SS]dtl_arp.c:1544 Unable to add an ARP entry for 81.4.111.10 to the operating system "
I can receive it in Kibana, but I don't know how to extract the information from the message. I tried the Cisco module, but it is the same.
Any ideas how to separate the message with Filebeat?
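An added example, not part of the original post and not Filebeat's own code: a Python sketch showing why the message in the error fails RFC 3164 parsing (the timestamp does not follow the `<PRI>` field directly) and how its fields can be split. The field layout and the field names are assumptions inferred from the single message quoted above.

```python
import re

# Message copied from the Filebeat error quoted in the post.
SAMPLE = ("<46>MX_CWLC_MAN_FIN: *rsyncmgrXferTrasport: Aug 13 16:03:20.622: "
          "%LOG-6-Q_IND: [SS]dtl_arp.c:1544 Unable to add an ARP entry for "
          "81.4.111.10 to the operating system ")

# RFC 3164 header shape: <PRI>Mmm dd hh:mm:ss HOSTNAME ...
RFC3164_HEAD = re.compile(
    r"^<\d{1,3}>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")

# Assumed controller layout (inferred from the one sample):
# <PRI>HOST: *PROCESS: TIMESTAMP: %FACILITY-SEV-MNEMONIC: [TAG]file:line text
WLC = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<host>[^:\s]+):\s+"
    r"\*(?P<process>[^:]+):\s+"
    r"(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}(?:\.\d+)?):\s+"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s+"
    r"(?:\[(?P<tag>[^\]]+)\](?P<src_file>[\w.]+):(?P<src_line>\d+)\s+)?"
    r"(?P<text>.*?)\s*$")


def has_rfc3164_header(message):
    """True when the timestamp and hostname follow <PRI> as RFC 3164 expects."""
    return RFC3164_HEAD.match(message) is not None


def parse_wlc(message):
    """Split a controller message into fields; None if the layout differs."""
    m = WLC.match(message)
    if m is None:
        return None
    event = m.groupdict()
    pri = int(event.pop("pri"))
    if pri > 191:  # highest valid PRI is facility 23 * 8 + severity 7
        return None
    # PRI = syslog facility * 8 + syslog severity
    event["syslog_facility"], event["syslog_severity"] = divmod(pri, 8)
    event["severity"] = int(event["severity"])
    if event["src_line"] is not None:
        event["src_line"] = int(event["src_line"])
    return event


if __name__ == "__main__":
    print("RFC 3164 header present:", has_rfc3164_header(SAMPLE))
    for key, value in parse_wlc(SAMPLE).items():
        print(f"{key}: {value}")
```

The same field order can guide a Filebeat `dissect` processor or an Elasticsearch ingest pipeline grok pattern applied to the `message` field.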