Hi All,
I am using the Elastic stack to store our syslog-ng logs, and I was able to get the logs into Elasticsearch, which is perfect. So I thought I could go one step further and parse the message field, but the problem is:
Sometimes I get a message whose field split is a space, sometimes a comma, and for the value split, certain messages use an equals sign and some use a colon.
For example:
In this one it's separated by a colon and then a space:
spamd: setuid to vmail succeeded
In this one it's separated by a comma and then the value is split by an equals sign:
action=pass, reason=client AWL, client_name=m.web.in, client_address=.1.6.1, sender=ren@we.i, recipient=arn@g-net.
In this one it uses ><:
EA79A800A7: message-id=15fb@webjas.sr.aol
In this one it uses both a colon and an equals sign, and the field split uses a space:
pop(oelg@sbj): Disconnected: Logged out top=0/0 retr=0/0 del=0/25 size=1740767
I know that since I receive the logs from different sources it's understood that I get them in these formats, but how do I complete this task in Elasticsearch with the use of Logstash?
Could anyone help me figure out this issue?
Thanks,
Raj
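An added example, not from the original post, of a Logstash filter that picks a parsing rule per message shape for the four sample lines above: the conditional regexes, the `kv` target field and the `program`/`detail` field names are my assumptions, not anything from the poster's setup.

```logstash
filter {
  # Shape 2: "action=pass, reason=client AWL, ..." (comma between pairs, '=' between key and value)
  if [message] =~ /^[A-Za-z_]+=[^,]*,\s*[A-Za-z_]+=/ {
    kv {
      source      => "message"
      field_split => ","
      value_split => "="
      trim_key    => " "   # drop the space that follows each comma
      trim_value  => " "
      target      => "kv"  # assumed: keep parsed keys under one object
    }
  }
  # Shapes 3 and 4: "<id or program>: <text> key=value key=value" (space between pairs)
  else if [message] =~ /^[^:]+:.*\b\w+=\S+/ {
    grok {
      # DATA is non-greedy, so "pop(oelg@sbj)" becomes program and the rest detail
      match => { "message" => "^%{DATA:program}: %{GREEDYDATA:detail}" }
    }
    kv {
      source      => "detail"  # tokens without '=' such as "Disconnected:" are ignored
      field_split => " "
      value_split => "="
      target      => "kv"
    }
  }
  # Shape 1: "spamd: setuid to vmail succeeded" (program, colon, free text; nothing to split)
  else if [message] =~ /^[^:\s]+: / {
    grok {
      match => { "message" => "^%{DATA:program}: %{GREEDYDATA:detail}" }
    }
  }
  # Anything else is tagged, so unparsed formats show up in a search instead of silently passing
  else {
    mutate { add_tag => ["unparsed_format"] }
  }
}
```

Because `kv` creates a field for every key it sees, log text from untrusted senders can grow the index mapping without bound; `include_keys` lets you whitelist the keys you actually expect.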