Hi Team,
I am forwarding aws cloudtrail logs to ES-5.5 and it is forwarded by logstash-5 (using cloudtrail plugin). While preparing visualizations, i realized that for some events "responseElements" field is not organized, it's in array format.
e.g.: i am expecting fields:
responseElements.ipAddressType
responseElements.vpcId
My question is, can we visualize such data in Kibana, if yes how?
Or
Do i need to work on logstash to organized it more? --- i was assuming logstash-cloudtrail plugin would do this job.
e.g.: "eventName": "DescribeLoadBalancers"
below is not a complete response:
"responseElements": "{"loadBalancers": [{"ipAddressType": "ipv4", "vpcId": "vpc-1111111", "loadBalancerArn": "arn:aws:elasticloadbalancing:us-west-2:1111:loadbalancer/net/quuuuuuuulb/4ckkkkkkkk", "type": "network", "state": {"code": "active"}, "dNSName":
Thanks & Regards...