Logstash delete double quotes and parsing

I made a grok filter for the string:
2018-12-10T16:35:50+06:00 2018 ZyWall src="192.168.0.202:57092" dst="173.194.32.197:443" msg="Match default rule, DROP" note="ACCESS BLOCK" user="unknown" devID="04bf6d1fb9a1" cat="Security Policy Control" class="Access Control" ob="0" ob_mac="000000000000" dir="ANY:ANY" protoID=6 proto="others"
I need to index this line. I applied the grok filter:
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp8601} %{YEAR:god} %{HOSTNAME:hostname} src=%{QS:src_ip} dst=%{QS:dst_ip} msg=%{QS:msg} note=%{QS=note} user=%{QS:user} devID=%{QS:devID} cat=%{QS:cat} class=%{QS:class}" }
  }
}

Post in Kibana:
tags:
_grokparsefailure
But I still see the logs in Kibana, the same as before.

I need to remove all quotes from the log. How do I do it? I tried:
mutate { gsub => '"', ''}
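
One way to parse the ZyWall line above without a `%{QS}` capture per field, as an added example that is not part of the original post: grok takes only the fixed header, and the `kv` filter splits the key="value" pairs and drops the surrounding double quotes. The field names `kv_pairs`, `src_port` and `dst_port` are assumptions chosen for this example.

```logstash
filter {
  # Header: ISO8601 timestamp, the repeated year, the device name.
  # Everything after that is key=value pairs and goes to a scratch field.
  grok {
    match => { "message" => "^%{TIMESTAMP_ISO8601:timestamp8601} %{YEAR:god} %{HOSTNAME:hostname} %{GREEDYDATA:kv_pairs}$" }
  }

  # kv splits pairs on spaces and keys from values on "=". Quoted values are
  # kept whole and stored without their quotes, so msg="Match default rule, DROP"
  # becomes the field msg with the value: Match default rule, DROP
  # Unquoted values such as protoID=6 are handled by the same filter.
  kv {
    source       => "kv_pairs"
    field_split  => " "
    value_split  => "="
    remove_field => ["kv_pairs"]
  }

  # src and dst hold ip:port. Splitting them makes it possible to filter and
  # aggregate on the address alone. break_on_match => false makes grok
  # evaluate both fields instead of stopping after the first match.
  grok {
    match => {
      "src" => "^%{IP:src_ip}:%{POSINT:src_port}$"
      "dst" => "^%{IP:dst_ip}:%{POSINT:dst_port}$"
    }
    break_on_match => false
  }

  # Use the device timestamp as the event time.
  date {
    match => ["timestamp8601", "ISO8601"]
  }

  # mutate's gsub takes an array of field, pattern, replacement, for example
  #   mutate { gsub => ["message", '"', ""] }
  # Stripping the quotes from the raw line before parsing would make values
  # that contain spaces ("ACCESS BLOCK") impossible to delimit, so it is not
  # used here.
}
```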
