Help with filter

rocanelo · July 2, 2020, 12:28am

Dear community
I have the next logs:

<6> CEF:0|A10|TH1040S|4.1.4-GR1-P2|WAF62|filter-resp-hdrs|6|rt=Jul 01 2020 20:14:29 src=X.X.X.X spt=36230 dst=X.X.X.X dpt=443 dhost=axd341sas12jf.enjoy.cl cs1=WAF_TEST cs2=8e139634be358ee9 act=sanitize cs3=learn app=HTTPS requestMethod=GET cn1=2 request=/crm.secciones/api/cms/Secciones/Seccion/GetUnidadHeader?idUnidad=3&idIdioma=1 msg=Header Server filtered

I'm using kv and work fine, but I need extract the data in column "filter-resp-hdrs" this field is changing accord the event, I'm try using gork but was not suscefuly.
what do you suggest??

best regards.

chitreshg · July 2, 2020, 5:06am

can you give the example of how do you want to form the data, what are the fields and respected value you require?

ptamba · July 2, 2020, 5:13pm

take a look at cef codec

https://www.elastic.co/guide/en/logstash/current/plugins-codecs-cef.html

system · July 30, 2020, 5:13pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.