Referring a multi level field in Logstash

yuanchuan · August 12, 2022, 9:15am

Hi,

I would like to to do an output to a syslog when a fieldname with the name symantec_endpoint.log.event_description equals to "The....successfully"

The way that I refer the field in my code is not working, need help~!

output {
  if [symantec_endpoint][log][event_description] == "The management server received the client log successfully" {
      syslog {
        host => "196.60.0.22"
        port => 514
        rfc => [ "rfc5424" ]
        protocol => [ "tcp" ]
        appname => "Elastic Stack"
        message => "messssssagesssss"
        facility => "appnameeee"
        codec => "plain"
        priority => "priorityyyyy"
        severity => "serverityyyyy"
        sourcehost => "sourcehosttttt"
        reconnect_interval => "60"
        enable_metric => false
        procid => "procidddddd"
      }
  }
}

Christian_Dahlqvist · August 12, 2022, 9:36am

Please show a sample event that you would expect to match the criteria.

system · September 9, 2022, 9:36am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash syslog output message => %{_source} Logstash	2	603	April 30, 2019
Syslog output plugin and dynamic values Logstash	7	3315	July 6, 2017
How to refer to subfield in logstash Logstash	3	6681	April 19, 2017
Logstash, syslog, ECS and Kibana Logs / SIEM Logstash	5	824	June 30, 2021
[Logstash 7.2] Syslog Output message Logstash	2	1015	August 30, 2019

Referring a multi level field in Logstash

Related topics