I have problem to write pattern to get information on logstash, after [severity "CRITICAL"] i want to get all word have tag before like [tag "language-multi"] [tag "platform-multi"] i will get language-multi and platform-multi but i don't exactly number of tag word, and i just want to get information after tag, if after ver like [ver "OWASP_CRS/3.0.0"] i will dont get.
can solution for my problem?
thanks you all.
[severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "10.84.86.187"] [uri "/"] [unique_id "WGTACH8AAAEAAEQ0krkAAAAQ"]
[severity "CRITICAL"] [ver "OWASP_CRS/3.0.0"] [maturity "1"] [accuracy "8"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-sqli"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"] [hostname "10.84.86.187"]