Hello all,
I'm completely new to Elastic/ELK.
Currently I'm playing arround with some syslog output from a Sophos UTM network firewall.
I successfully get the data via filebeat module for sophos into the stack.
But most of the logoutput is in one string and not cut into pieces like I need it.
Below in the screenshot you can see the event.original field in which is every data.
How can I cut this into pieces?
Regards
3lastic