Hey,
I have seen that multiple people had my problem, but I can't seem to find why did I do wrong. Can someone explain me why this doesn't work.
Log example :
Jun 2 00:00:00 192.168.14.4 date=2016-06-01 time=23:56:05 devname=POPB-FW-01 devid=FG1K2D3I14800220 logid=1059028704 type=utm subtype=app-ctrl eventtype=app-ctrl-all level=information vd="root" appid=40568 user="" srcip=10.20.4.35 srcport=52438 srcintf="VRF-PUBLIC" dstip=125.209.230.238 dstport=443 dstintf="OUT" proto=6 service="HTTPS" sessionid=424666004 applist="Monitor-all" appcat="Web.Others" app="HTTPS.BROWSER" action=pass hostname="lcs.naver.com" url="/" msg="Web.Others: HTTPS.BROWSER," apprisk=medium
Code Logstash :
input {
file {
path => "C:/Users/huhu/Documents/Arena/temp.txt"
start_position => "beginning"
}
}
filter {
grok {
match => {
"message" => "%{SYSLOGTIMESTAMP:timestamp}"
}
}
}
output {
stdout { codec => rubydebug }
}
Thanks in advance