I've just found that there are Ingest Pipelines and I was wondering if there is an equivalent template for Logstash, or maybe if you know how to convert it to Logstash format?
It would be useful, especially for the Windows security logs.
E.g.: the last processor of the Winlogbeat security ingest pipeline is removing the field event.original. I know how to translate this action into Logstash format, but for the other processors it looks difficult to find the equivalent.
True, but it looks like it hasn't been updated in four years, so I would not be surprised if it is unable to do the conversion on some (much?) of the functionality that has been added to ingest pipelines since then.
bin/ingest-convert.sh --input file:///usr/share/logstash/pipeline/winlogbeat/winlogbeat-8.13.2-security.json --output file:///usr/share/logstash/pipeline/winlogbeat/winlog-security-parser.conf
Exception in thread "main" java.lang.NullPointerException: Cannot invoke "java.util.List.stream()" because "processors" is null
    at org.logstash.ingest.IngestPipeline.toLogstash(IngestPipeline.java:44)
    at org.logstash.ingest.JsUtil.convert(JsUtil.java:165)
    at org.logstash.ingest.Pipeline.main(Pipeline.java:35)