Inserting Custom Logs Into Siem

Hi @cwurm,

Referring to this topic - Inserting Custom Logs Into Siem

I am using the Custom Log integration with everything left at default; I only added a custom pattern for the logs below.

2023-07-25T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController          : checkHealth() Returning health status
2023-07-26T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController          : checkHealth() Returning health status

and the pattern below in the pipeline

[
  {
    "dissect": {
      "field": "message",
      "pattern": "%{@timestamp}  %{log.level} %{number} --- [%{thread_name}] %{classs} : %{message}"
    }
  },
  {
    "date": {
      "field": "@timestamp",
      "formats": [
        "ISO8601"
      ]
    }
  }
]

I can see all the fields getting populated in the Discover tab.

However, when I create rules in the Security/SIEM dashboard using this data view and its fields, they do not work.

I also noticed that if I do not use @timestamp in the pattern it works for SIEM; however, that way the logs are not captured properly.
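As an added illustration (not from the original post or from Elastic), the following is a small Python re-implementation of the subset of dissect syntax used in this pipeline: literal delimiters, named keys, the `%{}` skip key and the `->` right-padding modifier, followed by the `date` step. It is assumed to follow the documented Elasticsearch dissect semantics, and it runs the posted pattern against the sample line from the post (logger padding reconstructed as 10 spaces) next to a variant that uses the padding modifiers, so you can see what field values a rule would actually be matching on.

```python
import re
from datetime import datetime, timezone

KEY_RE = re.compile(r"%\{([^}]*)\}")

def dissect(pattern, text):
    """Minimal dissect: literal delimiters, %{key}, %{} / %{?name} skips, '->' padding."""
    parts = KEY_RE.split(pattern)          # [literal, key, literal, key, ..., literal]
    if not text.startswith(parts[0]):
        return None
    pos, out = len(parts[0]), {}
    for i in range(1, len(parts), 2):
        key, delim = parts[i], parts[i + 1]
        pad = key.endswith("->")           # right-padding modifier on this key
        key = key[:-2] if pad else key
        if delim == "":                    # last key: take the rest of the line
            value, pos = text[pos:], len(text)
        else:
            idx = text.find(delim, pos)    # delimiters are matched literally
            if idx < 0:
                return None
            value, pos = text[pos:idx], idx + len(delim)
            while pad and text.startswith(delim, pos):
                pos += len(delim)          # swallow repeats of the delimiter
        if key and not key.startswith("?"):
            out[key] = value
    return out if pos == len(text) else None

def run_pipeline(pattern, line):
    """Emulates the two-processor pipeline: dissect, then date on @timestamp (ISO8601)."""
    doc = dissect(pattern, line)
    if doc is not None:
        ts = datetime.strptime(doc["@timestamp"], "%Y-%m-%dT%H:%M:%S.%fZ")
        doc["@timestamp"] = ts.replace(tzinfo=timezone.utc)
    return doc

# Sample line from the post; the logger column is padded to 40 chars, so 10 spaces precede ':'.
LINE = ("2023-07-25T08:05:25.661Z  ERRO 1 --- [nio-8080-exec-3] "
        "c.i.c.b.c.HealthCheckController" + " " * 10 + ": checkHealth() Returning health status")
# Constructed variant: a level padded to 5 columns (" INFO"), as %5p-style layouts emit.
PADDED = LINE.replace("  ERRO ", "   INFO ")
POSTED = "%{@timestamp}  %{log.level} %{number} --- [%{thread_name}] %{classs} : %{message}"
FIXED = "%{@timestamp->} %{log.level} %{number} --- [%{thread_name}] %{classs} %{->}: %{message}"

if __name__ == "__main__":
    for name, pat in (("posted", POSTED), ("fixed", FIXED)):
        for line in (LINE, PADDED):
            print(name, run_pipeline(pat, line))
```

With the posted pattern the `classs` value keeps nine trailing spaces and a padded level lands in `number`, so a rule that matches on an exact logger name or on `log.level` would never fire; the padding modifiers keep both fields clean.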
