How to get systemId field value using logstash-input-azure_blob_storage? please HELP!
The Azure NSG log format is described here:
my logstash.conf file contents:
input {
  azure_blob_storage {
    storageaccount => "tfintegration"
    access_key => "correct access_key"
    container => "insights-logs-networksecuritygroupflowevent"
    codec => "json"
    logtype => "nsgflowlog"
    prefix => "resourceId=/"
    registry_create_policy => "resume"
    interval => 10
  }
}
output {
  file {
    path => "/tmp/s21"
  }
}
sample record in /tmp/s21 (it does not have systemId):
{"@timestamp":"2020-03-07T14:31:05.563Z","@version":"1","message":"{"subscription":"3AA9C5F1-91B2-4438-960A-16FB1B3B43F3","resourcegroup":"DEFAULTRESOURCEGROUP-EUS","nsg":"TFINTEGRATIONVM1-NSG","rule":"DefaultRule_DenyAllInBound","unixtimestamp":"1583591307","src_ip":"185.176.27.98","dst_ip":"10.1.0.4","src_port":"43018","dst_port":"11291","protocol":"T","direction":"I","decision":"D","flowstate":"B","src_pack":null,"src_bytes":null,"dst_pack":null,"dst_bytes":null}"}
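The flattened nsgflowlog output above carries the per-tuple fields but not the record-level systemId. As an added example (not from the original post or from the plugin), here is a Ruby function that flattens a raw NSG flow-log blob, as one could do in a Logstash ruby filter or a pre-processing step, copying systemId and the resourceId components into every per-tuple event. It assumes the Azure NSG flow log version-2 record layout (records[].properties.flows[].flows[].flowTuples); the sample blob, the MAC and the systemId GUID are constructed.

```ruby
require 'json'

# Column names of a version-2 NSG flow tuple, matching the field names in the
# /tmp/s21 record above. Empty columns become nil, as in that record.
TUPLE_FIELDS = %w[unixtimestamp src_ip dst_ip src_port dst_port
                  protocol direction decision flowstate
                  src_pack src_bytes dst_pack dst_bytes].freeze

# Flatten one raw NSG flow-log blob (the "records" array Azure writes to the
# container) into one hash per flow tuple, carrying systemId, the resourceId
# components and the rule name down to every event.
def flatten_nsg_flow_log(raw_json)
  events = []
  JSON.parse(raw_json).fetch('records', []).each do |rec|
    # resourceId looks like /SUBSCRIPTIONS/<sub>/RESOURCEGROUPS/<rg>/PROVIDERS/
    # MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/<nsg>; pick the named segments.
    parts = rec['resourceId'].to_s.split('/')
    base = {
      'systemId' => rec['systemId'],
      'subscription' => parts[2],
      'resourcegroup' => parts[4],
      'nsg' => parts[8],
      'time' => rec['time']
    }
    rec.dig('properties', 'flows')&.each do |rule_block|
      rule_block.fetch('flows', []).each do |flow|
        flow.fetch('flowTuples', []).each do |tuple|
          # -1 keeps trailing empty columns so the tuple always has 13 fields
          values = tuple.split(',', -1).map { |v| v.empty? ? nil : v }
          event = base.merge('rule' => rule_block['rule'], 'mac' => flow['mac'])
          events << event.merge(TUPLE_FIELDS.zip(values).to_h)
        end
      end
    end
  end
  events
end

# Constructed sample blob (one record, one tuple) built to match the fields in
# the /tmp/s21 output; the systemId GUID and MAC are placeholders.
SAMPLE_BLOB = {
  'records' => [{
    'time' => '2020-03-07T14:28:27.0000000Z',
    'systemId' => '00000000-0000-0000-0000-000000000000',
    'category' => 'NetworkSecurityGroupFlowEvent',
    'resourceId' => '/SUBSCRIPTIONS/3AA9C5F1-91B2-4438-960A-16FB1B3B43F3/RESOURCEGROUPS/DEFAULTRESOURCEGROUP-EUS/PROVIDERS/MICROSOFT.NETWORK/NETWORKSECURITYGROUPS/TFINTEGRATIONVM1-NSG',
    'properties' => { 'Version' => 2, 'flows' => [{
      'rule' => 'DefaultRule_DenyAllInBound',
      'flows' => [{ 'mac' => '000D3AF87856',
                    'flowTuples' => ['1583591307,185.176.27.98,10.1.0.4,43018,11291,T,I,D,B,,,,'] }]
    }] }
  }]
}.to_json

puts flatten_nsg_flow_log(SAMPLE_BLOB).first.to_json if $PROGRAM_NAME == __FILE__
```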