Hmm I think I have to explain again what I want to do.
I want to create fields for the information which is in the message field.
The message looks like this: WinFileService Event: Delete, Path: /Privat/asd, File/Folder: Folder, Size: NA, User: Hispeed, IP: 192.168.0.29
So my idea was to do it via the KV filter. Then I switched to the grok filter. In the end I want to have the following fields:
- WinFileService Event
- Path
- File/Folder
- Size
- User
- IP
In the end I can then filter in Kibana for those fields. Because I'm still learning I started with the first field and not all together.
Which solution is the best to do that: grok or kv?
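
The two approaches named in the post, applied to its message line, as an added example that is not part of the original post. It is a Python stand-in for the parsing logic, not Logstash configuration; the function names are hypothetical and the second sample line is constructed to show a path that contains the field separator.

```python
import ipaddress
import re

# Field names exactly as they appear in the message from the post, in order.
KEYS = ["WinFileService Event", "Path", "File/Folder", "Size", "User", "IP"]

# Anchored pattern (grok-style): each value runs lazily up to the next
# known key, so a ", " inside a value does not end the field early.
_PATTERN = re.compile(
    "^" + ", ".join(f"{re.escape(k)}: (?P<f{i}>.*?)" for i, k in enumerate(KEYS)) + "$"
)


def parse_anchored(message):
    """Return a dict of the six fields, or None if the line does not match."""
    m = _PATTERN.match(message.strip())
    if m is None:
        return None
    fields = {k: m.group(f"f{i}") for i, k in enumerate(KEYS)}
    try:
        # Reject lines whose IP field is not a valid address.
        ipaddress.ip_address(fields["IP"])
    except ValueError:
        return None
    return fields


def parse_kv(message):
    """Generic key/value split on ', ' and ': ' (kv-style, no fixed key list)."""
    fields = {}
    for pair in message.strip().split(", "):
        key, sep, value = pair.partition(": ")
        if sep:  # fragments without ': ' are silently dropped
            fields[key] = value
    return fields


# Message line from the post.
SAMPLE = ("WinFileService Event: Delete, Path: /Privat/asd, File/Folder: Folder, "
          "Size: NA, User: Hispeed, IP: 192.168.0.29")
# Constructed line: the folder name itself contains ", ".
TRICKY = ("WinFileService Event: Delete, Path: /Privat/a, b, File/Folder: Folder, "
          "Size: NA, User: Hispeed, IP: 192.168.0.29")

if __name__ == "__main__":
    print(parse_anchored(SAMPLE))
    print(parse_kv(TRICKY)["Path"], "|", parse_anchored(TRICKY)["Path"])
```

Both functions give the same six fields for the line in the post; they differ only when a value contains the separator, where the generic split truncates the path and the anchored pattern keeps it whole.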