Good evening,
I just started working with ELK and I'm facing the issue of decoding/filtering/splitting the CEF file.
As you can see in the pic, the CEF file contains some security alert information.
Which filter should I use to extract the data and get it to appear as separate fields in Kibana?
P.S.: My conf file filter section is still empty; I just need some guidance on how to proceed.
Have a look at the Logstash CEF codec. If you configure your input to use this codec, the relevant fields should already be split out of the message. You can then use additional filters if needed to further process your data.
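To show what the CEF codec does to each message (the header split on unescaped `|` into version, vendor, product, version, event class id, name and severity, then the `key=value` extension split into one field per key), here is an added Python reference parser. It is not part of this thread and not Logstash's own code: the sample lines are constructed, the field names follow the codec's legacy (pre-ECS) naming, and dropping a syslog prefix before `CEF:` is this parser's own choice. In Logstash you would not write a parser at all, just set the codec on the input, for example `input { tcp { port => 5000 codec => cef } }` (port number assumed), and then use filters such as `mutate` or `date` on the resulting fields.

```python
import json
import re

# Field names for the seven header positions, after the codec's legacy output
# naming (assumption: the ECS-compatible mode of the codec uses different names).
HEADER_FIELDS = (
    "cefVersion", "deviceVendor", "deviceProduct", "deviceVersion",
    "deviceEventClassId", "name", "severity",
)

# Constructed sample events: a plain line, a line with a syslog prefix and
# escaped '=' and '\' in extension values, and a line with escaped '|' in the header.
SAMPLE_EVENTS = [
    r"CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232",
    r"<134>Jan 12 10:00:00 host CEF:0|Acme|Web Gateway|2.3|403|Blocked request|5|src=192.0.2.10 request=http://example.test/?q\=1 msg=Path contains \\ and \= signs",
    r"CEF:0|Vendor\|Inc|Prod|1|1|Pipe \| in name|3|act=blocked",
]


def _split_header(line):
    """Split the seven header fields on unescaped '|', decoding '\\|' and '\\\\'.
    Returns the decoded fields and the raw (still escaped) extension text."""
    fields, buf, i = [], [], 0
    while i < len(line) and len(fields) < len(HEADER_FIELDS):
        c = line[i]
        if c == "\\" and i + 1 < len(line):
            buf.append(line[i + 1])  # escaped char is taken literally
            i += 2
            continue
        if c == "|":
            fields.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    if len(fields) < len(HEADER_FIELDS):
        raise ValueError("malformed CEF header: fewer than 7 '|'-separated fields")
    return fields, line[i:]


def _split_unescaped_eq(ext):
    """Split extension text on '=' that is not escaped; escapes are kept for later decoding."""
    segs, buf, i = [], [], 0
    while i < len(ext):
        c = ext[i]
        if c == "\\" and i + 1 < len(ext):
            buf.append(c)
            buf.append(ext[i + 1])
            i += 2
            continue
        if c == "=":
            segs.append("".join(buf))
            buf = []
        else:
            buf.append(c)
        i += 1
    segs.append("".join(buf))
    return segs


def _unescape_ext(value):
    """Decode extension escapes: '\\=' -> '=', '\\\\' -> '\\', '\\n' and '\\r' -> line breaks."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)


def _parse_extension(ext):
    """Turn 'k1=v1 k2=value with spaces k3=v3' into a dict.
    Keys contain no spaces, so the last space-separated token before each '=' is the key."""
    ext = ext.strip()
    if not ext:
        return {}
    segs = _split_unescaped_eq(ext)
    if len(segs) < 2:
        raise ValueError("malformed extension: no key=value pair")
    fields, key = {}, segs[0].strip()
    for seg in segs[1:-1]:
        value, sep, next_key = seg.rpartition(" ")
        if not sep:
            raise ValueError(f"malformed extension near {seg!r}")
        fields[key] = _unescape_ext(value.rstrip())
        key = next_key
    fields[key] = _unescape_ext(segs[-1])
    return fields


def parse_cef(line):
    """Parse one CEF line into a flat dict of header and extension fields."""
    line = line.rstrip("\r\n")
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF line")
    header, ext = _split_header(line[start:])
    event = dict(zip(HEADER_FIELDS, header))
    event["cefVersion"] = event["cefVersion"][len("CEF:"):]
    event.update(_parse_extension(ext))  # severity stays a string, as in the raw message
    return event


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        print(json.dumps(parse_cef(raw), indent=2))
```

Running the block prints each sample as the flat set of fields you would expect to see in Kibana; the escaped characters in the second and third samples are the cases where a naive `split("|")` or `split("=")` would produce wrong fields.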