Hi @cwurm,
Referring to this topic - Inserting Custom Logs Into Siem
I am using the Custom Logs integration with everything left at the defaults; I only added a custom pattern for the logs below.
```
2023-07-25T08:05:25.661Z ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController : checkHealth() Returning health status
2023-07-26T08:05:25.661Z ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController : checkHealth() Returning health status
```
and the pattern below in the pipeline:
```json
[
  {
    "dissect": {
      "field": "message",
      "pattern": "%{@timestamp} %{log.level} %{number} --- [%{thread_name}] %{classs} : %{message}"
    }
  },
  {
    "date": {
      "field": "@timestamp",
      "formats": [
        "ISO8601"
      ]
    }
  }
]
```
I can see all the fields getting populated in the Discover tab.
However, when I create rules in the Security/SIEM dashboard using this data view / these fields, they do not work.
I also noticed that if I do not use @timestamp in the pattern it works for SIEM, but then the logs are not captured properly.
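To make it easier to reason about what the two processors above do to a document, here is a small local simulation of the pipeline, written as an added example for this thread (it is not the poster's code and not the Elasticsearch dissect or date processor). It applies the post's exact pattern to the two log lines quoted above (embedded here as constructed sample input), expands dotted keys such as `log.level` into nested objects the way ingest field paths resolve, and shows that dissect first writes `@timestamp` as plain text and the date processor then re-types it. The `compile_dissect`, `set_dotted`, `date_processor` and `run_pipeline` helpers are assumptions of this example; the `classs` key is kept as it appears in the post.

```python
import re
from datetime import datetime

# Constructed sample input: the two lines quoted in the post.
SAMPLE_LINES = [
    "2023-07-25T08:05:25.661Z ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController : checkHealth() Returning health status",
    "2023-07-26T08:05:25.661Z ERRO 1 --- [nio-8080-exec-3] c.i.c.b.c.HealthCheckController : checkHealth() Returning health status",
]

# The dissect pattern from the post, unchanged (including the "classs" key).
PATTERN = "%{@timestamp} %{log.level} %{number} --- [%{thread_name}] %{classs} : %{message}"

_KEY_RE = re.compile(r"%\{([^}]*)\}")


def compile_dissect(pattern):
    """Turn a dissect pattern into a regex plus the ordered key names.

    Each literal run between %{...} keys must match verbatim; each key becomes
    a lazy capture group except the last, which takes the rest of the line.
    This is a local approximation of how dissect splits on delimiters."""
    keys, regex_parts, pos = [], [], 0
    for m in _KEY_RE.finditer(pattern):
        regex_parts.append(re.escape(pattern[pos:m.start()]))
        keys.append(m.group(1))
        regex_parts.append("(.*?)")
        pos = m.end()
    regex_parts.append(re.escape(pattern[pos:]))
    if keys:
        # Final key is greedy so a trailing free-text message keeps its spaces.
        regex_parts[-2] = "(.*)"
    return re.compile("".join(regex_parts)), keys


def dissect(pattern, message):
    """Apply the pattern; return a flat key -> string dict, or None if no match."""
    regex, keys = compile_dissect(pattern)
    m = regex.fullmatch(message)
    if m is None:
        return None
    return dict(zip(keys, m.groups()))


def set_dotted(doc, key, value):
    """Store key "a.b.c" as nested objects, the way ingest field paths resolve."""
    parts = key.split(".")
    target = doc
    for part in parts[:-1]:
        target = target.setdefault(part, {})
    target[parts[-1]] = value


def date_processor(doc, field, fmt="ISO8601"):
    """Stand-in for the date processor: parse the string in `field` and write a
    timezone-aware datetime to @timestamp (the processor's default target)."""
    if fmt != "ISO8601":
        raise ValueError("only ISO8601 is simulated in this example")
    raw = doc[field]
    doc["@timestamp"] = datetime.fromisoformat(raw.replace("Z", "+00:00"))
    return doc


def run_pipeline(line):
    """Run the post's two-step pipeline on one raw line.

    The document starts with only `message`, as the integration delivers it.
    Dissect overwrites both `message` and `@timestamp` with raw strings;
    only the date processor turns `@timestamp` back into a real date."""
    doc = {"message": line}
    fields = dissect(PATTERN, doc["message"])
    if fields is None:
        raise ValueError("dissect pattern did not match: %r" % line)
    for key, value in fields.items():
        set_dotted(doc, key, value)
    # At this point doc["@timestamp"] is a str, not a date.
    return date_processor(doc, "@timestamp")


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        out = run_pipeline(line)
        print(type(out["@timestamp"]).__name__, out["@timestamp"].isoformat(),
              out["log"]["level"], out["thread_name"], out["message"])
```

Running it prints a `datetime` for `@timestamp`, `ERRO` under `log.level`, and the remainder of the line as the new `message`. The useful check when debugging a pipeline like this is the type of `@timestamp` after each step: a string left in that field (for example if the date processor is skipped or its format does not match) is exactly the kind of document a time-based rule cannot pick up.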