Hello, I'm trying to use the following grok filter, but I'm getting a message saying it's in an invalid JSON format, but I think my filter is written correctly. Can you help me with this?
filter:
(%{TIMESTAMP_ISO8601:time})%{NOTSPACE} firewall: msg_id=\\"%{DATA:msg_id}\\" %{DATA:action} %{DATA:source} %{DATA:if} %{DATA:number1} %{DATA:protocol} %{DATA:number2} %{DATA:number3} %{IP:srcip} %{IP:destip} %{NUMBER:srcport} %{NUMBER:destport} offset %{NUMBER:number4} %{DATA:word1} %{NUMBER:number5} win %{NUMBER:number6}%{SPACE}signature_name=\\"%{DATA:signature_name}" signature_cat=\\"%{DATA:signature_cat}" signature_id=\\"%{DATA:signature_id}\\" severity=\\"%{NUMBER:severity}\\" sig_vers=\\"%{NUMBER:sig_vers}\\"%{SPACE}geo_src=\\"%{WORD:geo_src}\\"%{SPACE} geo_dst=\\"%{WORD:geo_dst}\\"%{SPACE}msg=\\"%{DATA:msg}\\"%{SPACE}%{GREEDYDATA:msg2}
Note: I'm using the ingest pipeline menu in Kibana.