I am struggling to find an appropriate GROK pattern to appropriately dissect my log that is being generated by the xpack Audit.
My logs currently look like:
{"type":"audit", "timestamp":"2023-09-07T14:34:58,359+0100", "node.id":"MFOk8jclQlW3-fVz7xHghQ", "event.type":"transport", "event.action":"access_granted", "authentication.type":"REALM", "user.name":"kibana_system", "user.realm":"reserved", "user.roles":["kibana_system"], "origin.type":"transport", "origin.address":"xx.xx.xx.xxx:xxxxx", "request.id":"5f7V2f5HQWeMIdi3B1qcZQ", "action":"cluster:monitor/nodes/info[n]", "request.name":"NodeInfoRequest"}
I am quite surprised that there doesn't appear to be a pre-written filter for this, given that it is the log generated by elastic.
Can anyone provide any advice?
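Added example, not part of the original post: the audit line above is already a complete JSON object, so it does not need grok at all (in Logstash the `json` filter or codec parses it as-is); the two things a consumer still has to handle are the non-ISO timestamp (comma before the milliseconds, no colon in the offset) and the dotted key names. The Python below parses the posted line into a nested event; the address field is kept masked as in the post, and the function and field names are my own.

```python
import json
from datetime import datetime

# Constructed sample: the audit line from the post, with the origin address masked.
SAMPLE_LINE = (
    '{"type":"audit", "timestamp":"2023-09-07T14:34:58,359+0100", '
    '"node.id":"MFOk8jclQlW3-fVz7xHghQ", "event.type":"transport", '
    '"event.action":"access_granted", "authentication.type":"REALM", '
    '"user.name":"kibana_system", "user.realm":"reserved", '
    '"user.roles":["kibana_system"], "origin.type":"transport", '
    '"origin.address":"xx.xx.xx.xxx:xxxxx", "request.id":"5f7V2f5HQWeMIdi3B1qcZQ", '
    '"action":"cluster:monitor/nodes/info[n]", "request.name":"NodeInfoRequest"}'
)


def parse_audit_timestamp(ts: str) -> datetime:
    """Parse the audit timestamp format, e.g. 2023-09-07T14:34:58,359+0100.

    The fraction separator is a comma and the UTC offset has no colon, so the
    comma is normalised to a dot and %z (which accepts +0100) handles the offset.
    """
    return datetime.strptime(ts.replace(",", "."), "%Y-%m-%dT%H:%M:%S.%f%z")


def nest_dotted_keys(flat: dict) -> dict:
    """Turn {"user.name": ..., "user.roles": ...} into {"user": {"name": ..., "roles": ...}}."""
    nested: dict = {}
    for key, value in flat.items():
        parts = key.split(".")
        cur = nested
        for part in parts[:-1]:
            cur = cur.setdefault(part, {})
            if not isinstance(cur, dict):
                # e.g. both "user" and "user.name" present: refuse rather than silently overwrite
                raise ValueError(f"key conflict while nesting {key!r}")
        cur[parts[-1]] = value
    return nested


def parse_audit_line(line: str) -> dict:
    """Parse one Elasticsearch audit log line into a nested event dict.

    The original string timestamp is replaced by a timezone-aware datetime
    under "@timestamp", the usual field name for the event time.
    """
    event = json.loads(line)
    event["@timestamp"] = parse_audit_timestamp(event.pop("timestamp"))
    return nest_dotted_keys(event)


if __name__ == "__main__":
    ev = parse_audit_line(SAMPLE_LINE)
    print(ev["@timestamp"].isoformat(), ev["event"]["action"], ev["user"]["name"], ev["action"])
```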