Hi, I am trying to write a syslog collector for to store logs from a Cisco CUCM into elasticsearch. Cisco CUCM sends audit logs and alarms as syslog to my logstash server for different system and application events. The problem is that Cisco CUCM uses a different format of log for different alarm…

Syslog - logs contain dynamic fields(parameters) based on event type, how to index?

Badger June 8, 2020, 2:12pm 2

I would use dissect to parse off the start of the message, then a kv filter. Something like this.

Topic		Replies	Views
I have configuration of logstash for syslog , it is collecting from multiple devices, how can i create separate indices for each device Logstash elastic-stack-monitoring	3	132	April 13, 2024
Parsing Syslog to Logstash Logstash	6	489	March 10, 2020
Logstash and syslog messages from Cisco UCS Logstash	3	1822	June 2, 2017
If I have syslogs from multiple types of devices and multiple ILM policies, how should I structure these? Elasticsearch	1	323	October 14, 2019
The collection of syslog incorrect Logstash	1	777	February 22, 2018