Hi
I created a conf file in Logstash to receive CEF input and then send the event using the cef output codec. I received the CEF event successfully as input. However, I found that the output is sent to the ArcSight connector with only the following data:
0|Elasticsearch|Logstash|1.0|Logstash|Logstash|6|
Why are the fields in the input event not included?
Below is the conf file:
input {
  stdin {
    codec => cef
  }
}
output {
  udp {
    host => ["x.x.x.x"]
    port => "516"
    codec => cef
  }
}
x.x.x.x is the ArcSight connector, listening on UDP port 516.
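
A likely explanation, given as an added example that is not part of the original post: when encoding, the cef codec builds the seven header fields from its own settings, whose defaults match the header-only line quoted in the post, and writes extension key/value pairs only for event fields named in its `fields` option. The event field names used below (`deviceVendor`, `sourceAddress` and so on) are assumptions about what the input codec produced; they differ between plugin versions, so check a decoded event with a `rubydebug` output first.

```conf
output {
  udp {
    host => "x.x.x.x"
    port => 516
    codec => cef {
      # Header: without these settings the codec emits its defaults
      # (Elasticsearch|Logstash|1.0|Logstash|Logstash|6).
      # The %{...} references copy the values from the decoded event.
      # Field names are assumed; adjust to what your decoded events contain.
      vendor    => "%{deviceVendor}"
      product   => "%{deviceProduct}"
      version   => "%{deviceVersion}"
      signature => "%{deviceEventClassId}"
      name      => "%{name}"
      severity  => "%{severity}"

      # Extension: only the event fields listed here are written out.
      # This list is a constructed sample, not taken from the post.
      fields => ["sourceAddress", "destinationAddress", "destinationPort"]
    }
  }
}
```

Any event field not listed in `fields` is dropped from the outgoing CEF message, so a connector that relies on particular extension keys will see gaps until the list covers them.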