Have several beats now working, but running up against this trainwreck of a log. My understanding is that since I have several beats going I need to "transform" the log on the filebeat side before it gets shipped out?
Honestly I am not even sure how to start if it is even possible. Below is an example of the log:
I had to post the log in a picture format because the forum software was applying some formatting I could not remove.
This terrible structure lists events in blocks or paragraphs. Each unique event is preceded by a new blank line, next line, several spaces then the 389-Directory header portion. To make matters worse, each block has the possibility of extra events which are denoted by a preceding "-".
I am still recovering from my tour with Grok filters, so I am kind of looking for a little hand holding here to get started.