Hi,
We are running a PowerShell script to monitor the expiry dates of around 200 certificates, which writes the script output to the system event logs of one of our Windows servers as below:
Origin=SERVER001.co.net, SSLExperationDate=5/16/2020 7:59:59 PM, Days Remaining: 580 days ,Issuer=GeoTrust SSL CA - G3
Origin= SERVER002.co.net, SSLExperationDate=8/26/2019 4:20:31 AM, Days Remaining: 315 days ,Issuer=GeoTrust SSL CA - G3
Origin= SERVER003.co.net, SSLExperationDate=12/11/2020 3:07:44 PM, Days Remaining: 789 days ,Issuer=GeoTrust SSL CA - G3
Now our management wants to set up a dashboard on these certificates as per their expiry dates in descending order, in a table format which should consist of 2 columns (Origin and Days Remaining).
“Origin” column should contain certificate server names like SERVER001.co.net, SERVER002.co.net, SERVER003.co.net, SERVER004.co.net etc…
“Days Remaining” column should contain number of days remaining for certificate expiry like 580, 315, 789 etc…
Now can somebody please provide us the Kibana search query so that we can accomplish this? Actually, in Splunk there is something called “rex”, a search-time field extractor which would help us in creating new fields out of any event log sentence. As we are very new to the ELK stack, we could not find any query command which is an alternative to this rex command. Can someone please help with this?
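
The rex-style extraction asked about above, as an added example that is not part of the original post: a Python regular expression with named groups pulls the fields out of each event message and builds the two-column table in descending order of days remaining. The function names and the malformed fourth sample line are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample events in the format shown in the post.
SAMPLE_EVENTS = [
    "Origin=SERVER001.co.net, SSLExperationDate=5/16/2020 7:59:59 PM, Days Remaining: 580 days ,Issuer=GeoTrust SSL CA - G3",
    "Origin= SERVER002.co.net, SSLExperationDate=8/26/2019 4:20:31 AM, Days Remaining: 315 days ,Issuer=GeoTrust SSL CA - G3",
    "Origin= SERVER003.co.net, SSLExperationDate=12/11/2020 3:07:44 PM, Days Remaining: 789 days ,Issuer=GeoTrust SSL CA - G3",
    "Origin=BROKEN.co.net, SSLExperationDate=unknown",  # malformed on purpose
]

# Named groups play the role of rex capture groups; \s* absorbs the
# inconsistent spacing after "Origin=" and before ",Issuer".
EVENT_RE = re.compile(
    r"Origin=\s*(?P<origin>[^,\s]+)\s*,\s*"
    r"SSLExperationDate=(?P<expires>[^,]+?)\s*,\s*"
    r"Days Remaining:\s*(?P<days>-?\d+)\s*days\s*,\s*"
    r"Issuer=(?P<issuer>.+)$"
)

def parse_event(message):
    """Return a dict of typed fields, or None if the line does not match."""
    m = EVENT_RE.search(message.strip())
    if m is None:
        return None
    try:
        expires = datetime.strptime(m["expires"], "%m/%d/%Y %I:%M:%S %p")
    except ValueError:
        return None  # date text present but not in the expected format
    return {"origin": m["origin"], "expires": expires,
            "days_remaining": int(m["days"]), "issuer": m["issuer"].strip()}

def expiry_table(messages):
    """(Origin, Days Remaining) rows, sorted descending by days remaining."""
    rows = [e for e in map(parse_event, messages) if e is not None]
    rows.sort(key=lambda e: e["days_remaining"], reverse=True)
    return [(e["origin"], e["days_remaining"]) for e in rows]

if __name__ == "__main__":
    print(f"{'Origin':<20} Days Remaining")
    for origin, days in expiry_table(SAMPLE_EVENTS):
        print(f"{origin:<20} {days}")
```

Lines that do not match are skipped rather than shown with empty fields, so a certificate whose event is malformed will be missing from the table and should be checked separately.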