Hi,
I have a log file that I need to parse. I'm forwarding the log from a remote server using Filebeat. My log file content looks like this:
IP address, data (characters and numbers).
My Logstash conf file looks like this:
input {
  beats {
    port => "5043"
  }
}
filter {
  geoip {
    source => "message"
  }
}
output {
  elasticsearch {
    hosts => ["10.10.10.10:9200"]
    index => "test"
  }
}
I can see my log data using Kibana under the "test" index. My log content is inside the message field. I'm familiar with regex, but what is the syntax that I need to add to my Logstash conf file that will allow me to create custom fields for IP or anything else? I'd like to be able to see an IP field when looking in Kibana as I see the message field.
Thanks,
Mo
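
One way to get a separate IP field from the message described above, shown as an added example that is not part of the original post: a `grok` filter splits the line into named fields before `geoip` runs. It assumes the line is an IP address, a comma, then alphanumeric data; the field names `client_ip` and `payload` and the sample line in the comment are hypothetical.

```logstash
filter {
  # Assumed line format (constructed sample): 203.0.113.7, abc123
  grok {
    # %{IP:client_ip} uses the built-in IP pattern (IPv4 or IPv6) and stores
    # the match in a new field. (?<payload>...) is an inline named capture,
    # which is how a custom regex becomes a field.
    match => {
      "message" => "^%{IP:client_ip},\s*(?<payload>[A-Za-z0-9]+)$"
    }
    # Lines that do not match keep this tag, so malformed or unexpected
    # input can be found in Kibana instead of being silently dropped.
    tag_on_failure => ["_grokparsefailure"]
  }

  # Run the lookup only on events that parsed, and point geoip at the
  # extracted field rather than at the whole message.
  if "_grokparsefailure" not in [tags] {
    geoip {
      source => "client_ip"
      target => "geoip"
    }
  }
}
```

This replaces only the `filter` section; the `input` and `output` sections stay as posted, and the new fields appear in Kibana after the index pattern's field list is refreshed.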