Hello,
I'm trying to write a logstash plugin for Symantec. JSON isn't an option for this product. Here's an example of the log I'm trying to parse. In actual product, this log will have many more fields.
SymantecServer: Potential risk found,IP Address: 10.2.3.4,Computer name: MyDesktopComputer,Source: Auto-Protect scan,Risk name: WS.Reputation.1,Occurrences: 1
Is there some nice, easy way to pullout fields without using the csv filter? Some usage of the split function on the message itself that results in populated fields? Because the above log is going to have 50+ fields in multiple formats, I'm trying for the past of least resistance here. Any advice you can give I would appreciate. The work I'm currently doing is very likely going to result in a working Symantec Semp logstash plugin that I will share on github.