New to Logstash need help with config file

parrot · March 7, 2017, 6:28pm

Hello,
I need to create configuration file that this is the input:

2017-02-14T13:39:33+02:00 PulseSecure: 2017-02-14 13:39:33 - ive - [10.16.4.225] dpnini(Users)[] - Testing Password realm restrictions failed for dpnini/Users

and this is the required text file output:

{"timestamp":"2017-02-14T13:39:33+02:00 ","vendor":"PulseSecure","localEventTime":"2017-02-14 13:39:33","userIP":"10.16.4.225","username":"dpnini","group":"Users","vpnMsg":"Testing Password realm restrictions failed for dpnini/Users\r"}

All i know is that i start the logstash with "bin/logstash -f logstash-simple.conf"
also i know that the file that i need to change is YML file inside the config folder.

Thank you!

magnusbaeck · March 9, 2017, 2:58pm

Use a grok filter to parse the input line (use the grok constructor site to get help with the needed expression), then use a file output with a json_lines codec.

also i know that the file that i need to change is YML file inside the config folder.

I don't see why you'd have to change any YAML file to accomplish what you want.

Topic		Replies	Views
Something is wrong with you config Logstash	4	413	July 8, 2019
Send logstash events to log file problem Logstash	2	329	July 12, 2018
Debug code of file config to get log Logstash	2	381	July 6, 2017
Logstash config issue for a custom log file Logstash	9	898	August 3, 2018
File input to grok filter to elasticsearch output Logstash	4	1754	November 22, 2017

New to Logstash need help with config file

Related topics