How to send logs to Windows event by using Logstash ELK?


(Yusuf Karatoprak) #1

I am working in a big company and we have lots of responsibilities. One of them is to inform the Network team, but they cannot understand the ELK structure. They have an alert monitoring system that is working when our system gets stuck. They offered us to send logs from Logstash to Windows event. We accepted it. So I need help with sending logs by using a Logstash output and grok filtering (query = level:"Error" and eventid="1796"). Can you help me with this challenge? How can I send logs to Windows event (not from Windows event to Logstash; please be careful) by using Logstash and grok? My Logstash config is:

```
input {
  file {
    type => "json"
    path => ["C:/Temp/logs/*.json"]
    start_position => "beginning"
    codec => "json"
    discover_interval => 120
    stat_interval => 60
    sincedb_write_interval => 60
    close_older => 60
  }
}

filter {
  mutate {
    remove_field => [ "path" ]
  }
}

output {
  stdout {
    codec => rubydebug
  }

  elasticsearch {
    hosts => ["http://loguser:xxyyzz_2017@192.168.1.92:333"]
    index => "logstash-%{+YYYY.MM}"
  }
}
```

