Hi everyone,
I try to do logstash filtering, where i can get only couple lines from suricata's eve.json file. It have lot of information, but i want only like a " source ip, dest. ip etc" info to kibana. Any help ?
Thank you.
-Tony
More details please. What do your events currently look like? What would you like them to look like instead?