Help deciphering "message" field

Hello,

What input plugin could I use to decipher the following on logstash? I want to be able to do some grok on the message field and it would be much easier and shorter if I deciphered it first...

\u00002\u00000\u00002\u00000\u00001\u00001\u00002\u00006\u0000 \u00001\u00002\u00004\u00006\u00005\u00009\u0000\t\u0000V\u0000i\u0000r\u0000u\u0000s\u0000/\u0000s\u0000p\u0000y\u0000w\u0000a\u0000r\u0000e\u0000 \u0000'\u0000E\u0000I\u0000C\u0000A\u0000R\u0000-\u0000A\u0000V\u0000-\u0000T\u0000e\u0000s\u0000t\u0000'\u0000 \u0000h\u0000a\u0000s\u0000 \u0000b\u0000e\u0000e\u0000n\u0000 \u0000d\u0000e\u0000t\u0000e\u0000c\u0000t\u0000e\u0000d\u0000 \u0000i\u0000n\u0000 \u0000\"\u0000C\u0000:\u0000\\\u0000U\u0000s\u0000e\u0000r\u0000s\u0000\\\u0000a\u0000d\u0000m\u0000i\u0000n\u0000i\u0000s\u0000t\u0000r\u0000a\u0000t\u0000o\u0000r\u0000\\\u0000D\u0000o\u0000w\u0000n\u0000l\u0000o\u0000a\u0000d\u0000s\u0000\\\u0000e\u0000i\u0000c\u0000a\u0000r\u0000c\u0000o\u0000m\u00002\u0000.\u0000z\u0000i\u0000p\u0000\\\u0000e\u0000i\u0000c\u0000a\u0000r\u0000.\u0000c\u0000o\u0000m\u0000\"\u0000.\u0000\r\u0000"

Text value:

20201126 124659 Virus/spyware 'EICAR-AV-Test' has been detected in "C:\Users\administrator\Downloads\eicarcom2.zip\eicar.com".

As you can see, there are padding or null characters in front of each character, and also escaped characters.

I know it's possible to use gsub etc. to remove the unnecessary data, but I could easily substitute something I don't want to by mistake, as I don't know the exact format of every possible message that will occur.

Elasticsearch deciphers it perfectly when it is indexed: in the 'table' view I can clearly see the text, but the 'json' view shows the ciphered text.

Any ideas?

Thanks in advance!!
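What the JSON view shows is not padding or a cipher: the field holds UTF-16LE text that was read as single-byte characters, so every character is followed by a NUL (the `\r\u0000` at the very end gives away the little-endian byte order), and the `\t`, `\r`, `\"` and `\\` are just JSON escapes for a tab, a carriage return, a quote and a backslash. The Logstash-side fix is to declare the encoding on the receiving input, for example `codec => plain { charset => "UTF-16LE" }`, so the bytes are decoded once on arrival instead of being repaired with gsub later. The script below is an added example, not code from the post or from Elastic: it rebuilds the field from the post's own sample (constructed, re-encoded as UTF-16LE), shows how it ends up looking like the JSON view, decodes it only when it matches the strict "NUL at every odd index" signature (so messages in any other format are left untouched, which addresses the gsub worry), and then parses the readable text with a regex standing in for the grok one would write. The function and field names are my own choices.

```python
import json
import re
from typing import Optional

# Constructed sample: the readable text from the post, re-encoded as the
# UTF-16LE bytes the sending host evidently produced. The separator after
# the time is a TAB (the \t in the JSON view) and the line ends in CR.
SAMPLE_TEXT = (
    "20201126 124659\tVirus/spyware 'EICAR-AV-Test' has been detected in "
    "\"C:\\Users\\administrator\\Downloads\\eicarcom2.zip\\eicar.com\".\r"
)
SAMPLE_BYTES = SAMPLE_TEXT.encode("utf-16-le")


def as_logstash_saw_it(raw: bytes) -> str:
    """Mimic an input that decodes the bytes with a single-byte charset:
    every byte becomes one character, so each UTF-16LE code unit shows up
    as the character followed by \\u0000. (Assumption: for this all-ASCII
    sample a UTF-8 input gives the same result; latin-1 is used here
    because it round-trips every byte value.)"""
    return raw.decode("latin-1")


def looks_like_utf16le(message: str) -> bool:
    """Strict signature: even length and a NUL at every odd index.
    Anything that fails this is returned unchanged by decode_message, which
    is safer than blindly stripping NULs from messages of unknown format."""
    return (
        len(message) >= 2
        and len(message) % 2 == 0
        and all(message[i] == "\x00" for i in range(1, len(message), 2))
    )


def decode_message(message: str) -> str:
    """Turn the NUL-interleaved field back into readable text."""
    if not looks_like_utf16le(message):
        return message
    return message.encode("latin-1").decode("utf-16-le")


# Regex standing in for the grok pattern one would write against the
# decoded text. Field names are assumptions, not anything from the post.
AV_LINE = re.compile(
    r"^(?P<date>\d{8}) (?P<time>\d{6})\t"
    r"(?P<category>[^']+?) '(?P<threat>[^']+)' has been detected in "
    r'"(?P<path>[^"]+)"\.\s*$'
)


def parse_av_line(message: str) -> Optional[dict]:
    """Decode if needed, then extract the fields; None if the line does
    not match the antivirus event format."""
    m = AV_LINE.match(decode_message(message))
    return m.groupdict() if m else None


if __name__ == "__main__":
    field = as_logstash_saw_it(SAMPLE_BYTES)
    print(json.dumps(field))      # the \u0000-interleaved form from the JSON view
    print(decode_message(field))  # the readable text
    print(parse_av_line(field))
```

Run it and the first line printed is the same escaped form as the JSON view, which confirms the diagnosis before touching the pipeline. If a `charset` change on the input is not possible (for example, when the same port receives mixed encodings), the signature check in `looks_like_utf16le` is the kind of guard to port into a ruby filter so that only genuinely UTF-16LE events get decoded.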
