Hello, I'm new to grok i want to put cisco fire power 2130 logs to elasticsearch I'm getting 6 types of different log lines so how do i write grok filter I'd created 6 different grok filter and checked by grok debugger all are working but I'm unable to put the filter in grok I want to know how t…

Grok help with cisco firepower 2130

Badger January 3, 2020, 3:41pm 4

I would use dissect to parse the first 2 fields, then dissect to parse the rest of the line. See this for an example.

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.