Import text file to logstash

quyennguyen · October 9, 2021, 5:41pm

I had some text files with formats like this.

10/09-22:09:34.989323 [**] [1:100000015:3] "OR SQL Injection Detected" [**] [Priority: 0] {TCP} 192.168.186.25:44748 -> 192.168.186.162:80 10/09-22:09:34.989323 [**] [1:100000015:3] "OR SQL Injection Detected" [**] [Priority: 0] {TCP} 192.168.186.25:44748 -> 192.168.186.162:80 10/09-22:09:34.994995 [**] [1:100000017:4] "Possible DDoS Attack" [**] [Priority: 0] {TCP} 192.168.186.25:44756 -> 192.168.186.162:80 10/09-22:09:34.995210 [**] [1:100000017:4] "Possible DDoS Attack" [**] [Priority: 0] {TCP} 192.168.186.25:44758 -> 192.168.186.162:80 10/09-22:09:34.995481 [**] [1:100000019:5] "Possible Brute Force Attack" [**] [Priority: 0] {TCP} 192.168.186.25:44756 -> 192.168.186.162:80 10/09-22:09:34.995481 [**] [1:100000015:3] "OR SQL Injection Detected" [**] [Priority: 0] {TCP} 192.168.186.25:44756 -> 192.168.186.162:80

I want to send this to logstash and use it in my kibana but I don't really know how to do that.

Anyone help me, please!

zx8086 · October 9, 2021, 6:45pm

You can use the Logstash Input - File

Then you can grok or dissect the data via these filters

and then you can send the filtered result to the Elasticsearch Output.

system · November 6, 2021, 6:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.