I am working with Logstash filters, but none of the filters I configure take effect.
Here is the Logstash config file:
`
# Receives newline-delimited JSON events over TCP (id and port are redacted in the post).
# NOTE(review): no TLS or client-authentication settings are visible on this input, so
# events would cross the network in the clear, including the plaintext [try][name] that
# the cipher filter later encrypts and the "secret" field the sender adds. Confirm
# whether transport encryption is configured elsewhere.
input {
tcp {
id => "***"
port => ***
codec => json_lines
}
}
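filter {
  # Encrypts [try][name] with AES-128-CBC and writes the base64 ciphertext to
  # [try][encrypted_name]. Because target differs from source, the plaintext
  # [try][name] stays on the event and is still shipped by every output; drop it
  # (for example with mutate's remove_field) if only the ciphertext should be indexed.
  cipher {
    algorithm => "aes-128-cbc"
    # NOTE(review): this is the sample key from the post, hard-coded in the config file.
    # A real key should come from the Logstash keystore or an environment variable
    # reference, not from a file that gets pasted or committed.
    # NOTE(review): AES-128 takes a 16-byte key and this value is 32 characters long;
    # confirm how the installed plugin version pads or truncates it.
    key => "0123456789abcdef0123456789abcdef"
    # NOTE(review): a fixed IV makes CBC deterministic, so equal names produce equal
    # ciphertexts and the field leaks equality. Newer plugin versions are understood to
    # replace this option with a per-event random IV (iv_random_length); verify which
    # options your version accepts, since an unsupported option stops the pipeline loading.
    iv => "0123456789abcdef"
    mode => "encrypt"
    # NOTE(review): the plugin documentation describes key_size as a length in bytes
    # (16 for AES-128); 128 looks like a bit count. Confirm against the plugin docs,
    # because a key/size mismatch can make encryption fail and leave the target unset.
    key_size => 128
    base64 => true
    source => "[try][name]"
    target => "[try][encrypted_name]"
  }
  mutate {
    # sprintf field references are written %{[a][b]}. The original value
    # "%[[try][encrypted_name]]" is not a reference, so it was copied as literal text.
    # If the field does not exist (cipher failed), %{...} is also left as literal text,
    # which makes this debug field a quick check that encryption actually ran.
    add_field => { "debug_encrypted_name" => "%{[try][encrypted_name]}" }
  }
}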
# Output section
# Forwards every event as newline-delimited JSON over TCP (id, host and port are redacted
# in the post) and, while debugging, also dumps each event to stdout.
# NOTE(review): no TLS settings are visible on the tcp output; the forwarded event still
# carries the plaintext [try][name] unless a filter removes it.
output {
tcp {
id => ""
host => ""
port => ***
codec => "json_lines"
}
# With the "stdout" block below enabled, outgoing event data is written to the log, which can be accessed via the UI.
# This is convenient when debugging the configuration because it gives instant access to the event data after it has passed through the filters.
# After debugging, "stdout" has to be deactivated again by commenting it out.
# NOTE(review): the block is currently enabled, so the complete event, including the plaintext
# [try][name] and the "secret" field, is written to the Logstash log on every event.
stdout {
codec => rubydebug { metadata => true }
}
}
`
Below is the Python code used to push sample data to ELK:
`
import json
import socket
import time
import os, sys
import subprocess
import logging
import re
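# Build one sample event. The record is nested under "try" so that the
# Logstash cipher filter can find the name at [try][name].
data = {
    'name': 'John Doe',
    'age': 35,
    'email': 'johndoe@example.com'
}
hit_dict = {}
hit_dict['try'] = data
hit_dict['secret'] = '****'  # secret key to index (redacted in the post)

# The json_lines codec is newline-delimited: terminate the event explicitly
# instead of relying on the receiver flushing its buffer when the socket closes.
json_string = json.dumps(hit_dict) + "\n"

# NOTE(review): this prints the secret together with the record; mask or drop
# it before the output ends up in shared logs.
print(hit_dict)

# Bound before the try block so the finally clause can always test it, even
# when socket creation itself fails.
sock = None
try:
    print("HI")
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Host and port are redacted in the post ('****' / ***); 0 is a placeholder
    # that must be replaced with the real Logstash tcp input port.
    server_address = ('****', 0)
    sock.connect(server_address)
    print("connected")
    # NOTE(review): plain TCP, so the secret and the personal data travel
    # unencrypted unless the connection is wrapped in TLS on both ends.
    sock.sendall(json_string.encode())
except Exception as e:
    # Best-effort sender: report the failure and fall through to cleanup.
    print("An error occurred while sending the data", e)
finally:
    print("done")
    if sock is not None:
        sock.close()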
`
The results are:
I can see the same data in the Discover tab of ELK, but the extra field is not added.
Any help is appreciated!