Hi,
I'd like to create a counter that adds another value ("1" or "one") to an existing string. If in my log there are 3 lines with the occurrence of the word 'low', then each time I will increase the variable value '1'. The value of my variable should look like "111".
My log file look like this and comes in one second:
root: 192.168.1.10|unknown (66/tcp)|92567|Low|description|
root: 192.168.1.10|unknown (26/tcp)|92567|Low|description|
root: 192.168.1.10|unknown (56/tcp)|92567|Low|description|
my grok config:
grok {
match => ["message", "%{IPV4:host_ip}|%{DATA:protokol_port}|%{NUMBER:nessus_id}|%{WORD:threatlvl}|%{DATA:description}|"]
}