Hello guys,
Filebeat is shipping eve.json to Logstash, and Logstash dynamically maps the fields and sends them to Elasticsearch.
Unfortunately, these logs are too much, with lots of useless information for my project, so I would like to create a template and load it with just simple information like src_ip, dest_ip, dns_cname record, geoip, alerts, http_user_agent.
How can I do that? I'm doing my research for my studies, please help.