Hello,
On a locally installed version with ELK I'm using logstash with filters to create some new filed from message pulled from an xml file using filebeat.
Here are the filters
xml{
source => "message"
store_xml => false
target => "open_ports"
xpath => [
"/host/address/@addr", "host_IP_address",
"/host/hostnames/hostname/@name", "host_name",
"/host/ports/status/@state", "Host_status",
"/host/ports/port/@portid", "Port_number",
"/host/ports/port/state/@state", "Port_state"
]
}
How can I do the same on cloud version? Because as far as I know logstash is not a part of elk cloud version.
Could some one help me here please!
Sample data
<host starttime="1560311582" endtime="1560311662"><status state="up" reason="user-set"
reason_ttl="0"/>
<address addr="x.x.x.x" addrtype="ipv4"/>
<hostnames>
<hostname name="local.text" type="PTR"/>
</hostnames>
<ports><extraports state="open|filtered" count="208">
<extrareasons reason="no-responses" count="208"/>
</extraports>
<extraports state="filtered" count="44">
<extrareasons reason="no-responses" count="44"/>
</extraports>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack" reason_ttl="58"/>
<service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack" reason_ttl="58"/>
<service name="https" method="table" conf="3"/></port>
</ports>
<times srtt="2687" rttvar="611" to="100000"/>
</host>
Thank you!