Hi,
I am new to Elasticsearch and installed the Docker version. I want to start with log pattern match development, for example an audit log for user login. Can anyone share how I should start, and which tools are good for it? Thanks for your help in advance. My audit log pattern is similar to the example below:
TID: [-1234] [2025-02-03 00:00:24,328] [a5fe5708-458c-480d-9d97-2e45d581e2b0] INFO {AUDIT_LOG} - Initiator : xxxnamexxx | Action : LoginStepSuccess | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6e01a5d2-4bd4-4b10-a974-03f6b087fc7d","AuthenticatedUser" : "xxxnamexxx","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "myportal_web","RequestType" : "cas","RelyingParty" : "myportal_web","AuthenticatedIdP" : "ADFS4_PROD","UserStoreDomain" : "null","User Agent" : "null","RemoteAddress" : "null" } | Result : Success
TID: [-1234] [2025-02-03 00:00:24,360] [a5fe5708-458c-480d-9d97-2e45d581e2b0] INFO {AUDIT_LOG} - Initiator : xxxnamexxx | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6e01a5d2-4bd4-4b10-a974-03f6b087fc7d","AuthenticatedUser" : "xxxnamexxx","AuthenticatedUserTenantDomain" : "null","ServiceProviderName" : "myportal_web","RequestType" : "cas","RelyingParty" : "myportal_web","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNzM4NTEyMDI0MzMxMzAwMCwiaWF0IjoxNzM4NTEyMDI0MzMxLCJpZHBzIjpbeyJpZHAiOiJBREZTNF9QUk9EIiwiYXV0aGVudGljYXRvciI6IlNBTUxTU09BdXRoZW50aWNhdG9yIn1dfQ==.","UserStoreDomain" : "null","User Agent" : "null","RemoteAddress" : "null" } | Result : Success
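One way to start, as an added example that is not part of the original post: a small Python parser for the two audit lines above that splits the bracketed header, the pipe-separated fields and the embedded JSON into one flat document per event, the same split you would later express as a grok or dissect processor in an Elasticsearch ingest pipeline. The output field names, the UTC assumption for the zone-less timestamp and the decoding of the AuthenticatedIdPs payload are my choices, not anything the post or WSO2 defines.

```python
import base64
import json
import re
from datetime import datetime

# The two lines from the post above, used as sample input.
SAMPLE_LINES = [
    'TID: [-1234] [2025-02-03 00:00:24,328] [a5fe5708-458c-480d-9d97-2e45d581e2b0] INFO {AUDIT_LOG} - Initiator : xxxnamexxx | Action : LoginStepSuccess | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6e01a5d2-4bd4-4b10-a974-03f6b087fc7d","AuthenticatedUser" : "xxxnamexxx","AuthenticatedUserTenantDomain" : "carbon.super","ServiceProviderName" : "myportal_web","RequestType" : "cas","RelyingParty" : "myportal_web","AuthenticatedIdP" : "ADFS4_PROD","UserStoreDomain" : "null","User Agent" : "null","RemoteAddress" : "null" } | Result : Success',
    'TID: [-1234] [2025-02-03 00:00:24,360] [a5fe5708-458c-480d-9d97-2e45d581e2b0] INFO {AUDIT_LOG} - Initiator : xxxnamexxx | Action : Login | Target : ApplicationAuthenticationFramework | Data : { "ContextIdentifier" : "6e01a5d2-4bd4-4b10-a974-03f6b087fc7d","AuthenticatedUser" : "xxxnamexxx","AuthenticatedUserTenantDomain" : "null","ServiceProviderName" : "myportal_web","RequestType" : "cas","RelyingParty" : "myportal_web","AuthenticatedIdPs" : "eyJ0eXAiOiJKV1QiLCAiYWxnIjoibm9uZSJ9.eyJpc3MiOiJ3c28yIiwiZXhwIjoxNzM4NTEyMDI0MzMxMzAwMCwiaWF0IjoxNzM4NTEyMDI0MzMxLCJpZHBzIjpbeyJpZHAiOiJBREZTNF9QUk9EIiwiYXV0aGVudGljYXRvciI6IlNBTUxTU09BdXRoZW50aWNhdG9yIn1dfQ==.","UserStoreDomain" : "null","User Agent" : "null","RemoteAddress" : "null" } | Result : Success',
]

# Header: TID, timestamp, correlation id, level, logger; the rest of the line is the body.
HEADER_RE = re.compile(r"^TID: \[(?P<tid>-?\d+)\] \[(?P<ts>[^\]]+)\] \[(?P<cid>[^\]]+)\] "
                       r"(?P<level>\w+) \{(?P<logger>[^}]+)\} - (?P<body>.*)$")
# Body: Initiator | Action | Target | Data {json} | Result. Greedy {.*} keeps the whole JSON object.
BODY_RE = re.compile(r"^Initiator : (?P<initiator>.*?) \| Action : (?P<action>.*?) \| Target : "
                     r"(?P<target>.*?) \| Data : (?P<data>\{.*\}) \| Result : (?P<result>\S+)$")

def decode_idps(blob):
    """AuthenticatedIdPs is a JWT-shaped 'header.payload.' value with an empty signature
    segment, so treat it as plain log data: read the payload to see which IdP/authenticator ran."""
    parts = blob.split(".")
    if len(parts) < 2:
        return None
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding if it was stripped
    try:
        return json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:  # covers binascii.Error and json.JSONDecodeError
        return None

def parse_audit_line(line):
    """Turn one audit line into a flat document ready for an Elasticsearch index."""
    head = HEADER_RE.match(line.strip())
    body = BODY_RE.match(head["body"]) if head else None
    if not body:
        raise ValueError("line does not match the audit log layout")
    # The log writes the literal string "null"; map it to a real null so Kibana filters behave.
    data = {k: (None if v == "null" else v) for k, v in json.loads(body["data"]).items()}
    if data.get("AuthenticatedIdPs"):
        data["AuthenticatedIdPsDecoded"] = decode_idps(data["AuthenticatedIdPs"])
    doc = {
        # The log carries no time zone; UTC is an assumption, check the server's setting.
        "@timestamp": datetime.strptime(head["ts"], "%Y-%m-%d %H:%M:%S,%f").isoformat(timespec="milliseconds") + "Z",
        "tid": int(head["tid"]), "correlation_id": head["cid"],
        "log_level": head["level"], "logger": head["logger"],
        "initiator": body["initiator"], "action": body["action"],
        "target": body["target"], "result": body["result"],
    }
    doc.update(data)
    return doc
```

The two sample events share one correlation_id, which is the field to group on when you later want to see all steps of a single login in Kibana.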