Hello, I'm trying to set up my centralized syslog server. I'm forwarding my logs from file beats to my elk server using logstash. Im trying to get the syslog log information to be put into the fields of kibana but its showing up as host of my rsyslog server. How can I filter the information in my syslog to be able to fit in the fields in kibana.
My raw looks like this:
2018-11-06T18:00:00-00:00 server1 systemd: Created slice User Slice of root.
I have been paying with grok but been having no luck in my filter logstash.