Hello, I'm new to grok i want to put cisco fire power 2130 logs to elasticsearch I'm getting 6 types of different log lines so how do i write grok filter I'd created 6 different grok filter and checked by grok debugger all are working but I'm unable to put the filter in grok I want to know how t…

Grok help with cisco firepower 2130

Badger January 3, 2020, 3:41pm 4

I would use dissect to parse the first 2 fields, then dissect to parse the rest of the line. See this for an example.

Topic		Replies	Views
Newbie: Grok Pattern for Cisco FirePower Conf file Logstash	4	4818	July 6, 2017
Grok help needed Logstash	7	367	June 3, 2022
Logstash Grok Pattern Watchguard Firewall Elasticsearch	7	802	October 13, 2023
Filter Sonicwall Logstash Logstash	1	812	July 20, 2020
Filter firewall : Fortigat Logstash	5	387	June 12, 2018

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Grok help with cisco firepower 2130

Related topics