I visit the following page:
At the end of the above page, it mentions Fortinet fields.
My scenario:
I get FortiGate syslog and I can put it into Elastic. Now I want to jsonify it, because I need to search on those fields in Kibana.
Question:
How can I assign real fortinet fields to real fields?
UPDATE:
For example: the Fortinet field `action` exists, and the ECS field `event.action` exists too. How and where do I assign them together?
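The mapping the question asks about, as an added example (not code from the post, from Elastic, or from Fortinet): a FortiGate syslog body is a `key=value` line, so one way to "jsonify" it is to parse those pairs, rename the vendor keys to their ECS equivalents, and keep the originals under a vendor namespace. The sample log line is constructed, and the Fortinet-to-ECS mapping table, the `fortinet.firewall.*` namespace and the `event.module`/`event.dataset` values are assumptions to adjust for your own ECS conventions.

```python
import json
import re

# Constructed sample FortiGate traffic log body (key=value syslog), not output from a real device.
SAMPLE_LINE = (
    'date=2020-01-15 time=10:42:07 devname="FW-EDGE" devid="FGT-EXAMPLE" '
    'logid="0000000013" type="traffic" subtype="forward" level="notice" vd="root" '
    'srcip=10.1.100.11 srcport=52134 srcintf="port1" dstip=203.0.113.10 dstport=443 '
    'dstintf="port2" proto=6 action="accept" policyid=7 service="HTTPS" '
    'sentbyte=1234 rcvdbyte=5678 msg="Connection allowed"'
)

# Assumed Fortinet -> ECS mapping. Left side: FortiGate log keys; right side: standard ECS field names.
FORTINET_TO_ECS = {
    "action": "event.action",
    "srcip": "source.ip",
    "srcport": "source.port",
    "dstip": "destination.ip",
    "dstport": "destination.port",
    "devname": "observer.name",
    "devid": "observer.serial_number",
    "srcintf": "observer.ingress.interface.name",
    "dstintf": "observer.egress.interface.name",
    "proto": "network.iana_number",
    "sentbyte": "source.bytes",
    "rcvdbyte": "destination.bytes",
    "policyid": "rule.id",
    "msg": "message",
    "level": "log.level",
}

# Keys whose values should become JSON numbers so Kibana can range-filter and aggregate them.
INT_FIELDS = {"srcport", "dstport", "proto", "sentbyte", "rcvdbyte"}

# key=value pairs; values are either a double-quoted string (may contain spaces) or a bare token.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate(line: str) -> dict:
    """Split a FortiGate key=value log body into a flat dict of strings."""
    fields = {}
    for key, value in KV_RE.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # drop surrounding quotes
        fields[key] = value
    return fields


def set_dotted(doc: dict, dotted: str, value) -> None:
    """Write value at a dotted ECS path, creating nested objects as needed."""
    parts = dotted.split(".")
    cur = doc
    for part in parts[:-1]:
        cur = cur.setdefault(part, {})
    cur[parts[-1]] = value


def to_ecs(fields: dict) -> dict:
    """Build an ECS-shaped document: mapped keys go to ECS paths, everything is kept under fortinet.firewall."""
    doc = {
        "event": {"module": "fortinet", "dataset": "fortinet.firewall"},  # assumed values
        "fortinet": {"firewall": {}},  # assumed vendor namespace for the raw fields
    }
    for key, value in fields.items():
        if key in INT_FIELDS:
            try:
                value = int(value)
            except ValueError:
                pass  # leave unparseable numbers as strings rather than dropping the event
        target = FORTINET_TO_ECS.get(key)
        if target:
            set_dotted(doc, target, value)
        doc["fortinet"]["firewall"][key] = value
    # Combine the separate date and time keys into a single @timestamp string.
    if "date" in fields and "time" in fields:
        doc["@timestamp"] = f"{fields['date']}T{fields['time']}"
    return doc


def fortigate_to_json(line: str) -> str:
    """Convenience wrapper: raw syslog body in, ECS JSON document out."""
    return json.dumps(to_ecs(parse_fortigate(line)), sort_keys=True)


if __name__ == "__main__":
    print(fortigate_to_json(SAMPLE_LINE))
```

Inside the Elastic stack the same rename step is normally expressed declaratively rather than in Python: a Logstash `mutate { rename => { "action" => "[event][action]" } }` filter, or a `rename` processor in an Elasticsearch ingest pipeline, does the `action` to `event.action` assignment per field; the table above is the list of such renames.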