New to Logstash need help with config file

parrot · March 7, 2017, 6:28pm

Hello,
I need to create configuration file that this is the input:

2017-02-14T13:39:33+02:00 PulseSecure: 2017-02-14 13:39:33 - ive - [10.16.4.225] dpnini(Users)[] - Testing Password realm restrictions failed for dpnini/Users

and this is the required text file output:

{"timestamp":"2017-02-14T13:39:33+02:00 ","vendor":"PulseSecure","localEventTime":"2017-02-14 13:39:33","userIP":"10.16.4.225","username":"dpnini","group":"Users","vpnMsg":"Testing Password realm restrictions failed for dpnini/Users\r"}

All i know is that i start the logstash with "bin/logstash -f logstash-simple.conf"
also i know that the file that i need to change is YML file inside the config folder.

Thank you!

magnusbaeck · March 9, 2017, 2:58pm

Use a grok filter to parse the input line (use the grok constructor site to get help with the needed expression), then use a file output with a json_lines codec.

also i know that the file that i need to change is YML file inside the config folder.

I don't see why you'd have to change any YAML file to accomplish what you want.

system · April 6, 2017, 2:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.