Referring a multi level field in Logstash

yuanchuan · August 12, 2022, 9:15am

Hi,

I would like to to do an output to a syslog when a fieldname with the name symantec_endpoint.log.event_description equals to "The....successfully"

The way that I refer the field in my code is not working, need help~!

output {
  if [symantec_endpoint][log][event_description] == "The management server received the client log successfully" {
      syslog {
        host => "196.60.0.22"
        port => 514
        rfc => [ "rfc5424" ]
        protocol => [ "tcp" ]
        appname => "Elastic Stack"
        message => "messssssagesssss"
        facility => "appnameeee"
        codec => "plain"
        priority => "priorityyyyy"
        severity => "serverityyyyy"
        sourcehost => "sourcehosttttt"
        reconnect_interval => "60"
        enable_metric => false
        procid => "procidddddd"
      }
  }
}

Christian_Dahlqvist · August 12, 2022, 9:36am

Please show a sample event that you would expect to match the criteria.

system · September 9, 2022, 9:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.