Hi
I configured the logstash with kv filter and it is not working
When I simply add the argument:
kv {
source => "syslog_message"
field_split => " "
}
The logstash stops working and I see no logs in kibana
When I remove it and restart the services and logs back to work
This is the working argument:
if [type] == "forti_log" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
And this is with the kv , (non working argument)
if [type] == "forti_log" {
grok {
match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{DATA:syslog_program}(?:\[%{POSINT:syslog_pid}\])?: %{GREEDYDATA:syslog_message}" }
add_field => [ "received_at", "%{@timestamp}" ]
add_field => [ "received_from", "%{host}" ]
}
kv {
source => "syslog_message"
field_split => " "
}
syslog_pri { }
date {
match => [ "syslog_timestamp", "MMM d HH:mm:ss", "MMM dd HH:mm:ss" ]
}
}
And this is the log I'm receiving from the firewall:
What should I do / how should I troubleshoot the issue ?
I'm new to Kibana so I'm sorry in advance if I did a huge mistake posting this 
Thanks
