Hi there, we're looking into leveraging Logstash to forward our system logs to our SIEM, QRadar. I wanted to know if there is a way to filter out specific events with Logstash before forwarding onto QRadar.
Sure there is a way, as Badger suggested. If you post here a concrete example of what your input is and how you want to filter it, we might help you even further.
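Badger's earlier suggestion is not quoted in this thread, so here is an added example of what that filtering typically looks like (my own illustration, not code posted by anyone in the thread). It assumes the hosts send syslog to Logstash, that QRadar's event collector accepts syslog over TCP at a placeholder address `qradar.example.internal:514`, and it uses the field names (`program`, `severity`, `logsource`, `priority`, `timestamp`) that the bundled `syslog` input populates. Events that would only cost EPS licence without giving the SOC anything to detect on are dropped before the output stage; authentication-related events are tagged first so that no later rule can discard them.

```logstash
# Added example: filter low-value events in Logstash before forwarding to QRadar.
# Placeholders: listening port 5514, QRadar collector qradar.example.internal:514.

input {
  syslog {
    port => 5514   # servers point their syslog forwarding here
  }
}

filter {
  # 1. Mark events the SIEM must always see. This runs first so that the
  #    drop rules below can explicitly exempt them.
  if [program] in ["sshd", "sudo", "su", "auditd"] {
    mutate { add_tag => ["security_relevant"] }
  }

  # 2. Drop debug-level chatter (syslog severity 7) unless it was tagged above.
  if [severity] == 7 and "security_relevant" not in [tags] {
    drop { }
  }

  # 3. Drop known-noisy lines that never contribute to a detection,
  #    e.g. cron's PAM session open/close messages.
  if [program] == "CRON" and [message] =~ /session (opened|closed) for user/ {
    drop { }
  }

  # 4. Everything else keeps a tag so you can count, in QRadar, how much of
  #    the retained volume was actually reviewed by a filter rule.
  mutate { add_tag => ["logstash_filtered"] }
}

output {
  # Re-emit the surviving events as syslog lines to the QRadar collector.
  tcp {
    host  => "qradar.example.internal"   # placeholder for your event collector
    port  => 514
    codec => line {
      format => "<%{priority}>%{timestamp} %{logsource} %{program}: %{message}"
    }
  }
}
```

Before dropping a category, confirm with whoever owns the detection content in QRadar that no rule or offence depends on it; the cheapest approach is to drop by `program` and severity first, and only add message-pattern rules for sources whose volume you have measured.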
Thank you both! I don't have any concrete examples yet... We are looking at this to forward to our SIEM, but we don't have it set up yet. Just making sure I have the capability to filter out specific events that we don't need to ingest into the SIEM to control costs. When I do get some events, I will circle back here.