I want to monitor a log containing ISO 5853. I have succeeded in parsing the ISO log into a single line; how do I then parse it according to the ISO 5853 standard? Is there a plugin or something else that can fit it into Elastic? Thank you.
This is the example ISO data in a single line:
You need to provide more context about what ISO 8583 is, what these logs mean, and what you want to extract from them.
Also, is it 8583 or 5853?
From what I understood, it is a message where each position can represent a field or a piece of information. If so, the only thing that would help you parse this is the ruby filter in Logstash.
You would need to write a Ruby script that would slice your string and get the information for each position, but I think that it is easier to do this outside Logstash: write some tool in your preferred language to parse the file and then give Logstash the parsed file to consume.
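A sketch of the kind of external parser suggested above, as an added example that is not part of the original thread. It assumes an ASCII message with a 4-digit MTI, a 16-hex-character primary bitmap and the small constructed field table shown (real layouts come from the sender's ISO 8583 specification); the sample line is constructed, and the PAN is masked before output.

```ruby
# Field layouts assumed for this example (a subset of ISO 8583:1987 data elements).
# Value is [name, fixed length] or [name, :llvar] for a 2-digit length prefix.
FIELDS = {
  2 => [:pan, :llvar], 3 => [:processing_code, 6], 4 => [:amount, 12],
  7 => [:transmission_datetime, 10], 11 => [:stan, 6],
  39 => [:response_code, 2], 41 => [:terminal_id, 8]
}.freeze

# Keep the first 6 and last 4 digits so full card numbers never reach the index.
def mask_pan(pan)
  return "*" * pan.length if pan.length < 10
  pan[0, 6] + "*" * (pan.length - 10) + pan[-4, 4]
end

def parse_iso8583(line)
  mti, bitmap_hex = line[0, 4].to_s, line[4, 16].to_s
  raise ArgumentError, "bad MTI" unless mti.match?(/\A\d{4}\z/)
  raise ArgumentError, "bad bitmap" unless bitmap_hex.match?(/\A\h{16}\z/)
  # Bit n of the bitmap (counted from the left, starting at 1) marks field n.
  bits = bitmap_hex.to_i(16).to_s(2).rjust(64, "0")
  raise ArgumentError, "secondary bitmap not handled" if bits[0] == "1"
  pos = 20
  out = { mti: mti }
  (2..64).each do |n|
    next unless bits[n - 1] == "1"
    # Without a layout the field cannot be skipped, so fail instead of guessing.
    name, len = FIELDS.fetch(n) { raise ArgumentError, "no layout for field #{n}" }
    if len == :llvar
      prefix = line[pos, 2].to_s
      raise ArgumentError, "bad length prefix, field #{n}" unless prefix.match?(/\A\d{2}\z/)
      len = prefix.to_i
      pos += 2
    end
    value = line[pos, len].to_s
    raise ArgumentError, "field #{n} truncated" if value.length < len
    out[name] = name == :pan ? mask_pan(value) : value
    pos += len
  end
  raise ArgumentError, "trailing data" unless pos == line.length
  out
end

# Constructed sample: MTI 0200 with fields 2, 3, 4, 7, 11 and 41 present.
SAMPLE = "0200" "7220000000800000" "164111111111111111" "000000" \
         "000000010000" "0102030405" "123456" "TERM0001"
```

The returned hash can be written out as one JSON object per line for Logstash to consume.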