Hi, I am trying to write a syslog collector for to store logs from a Cisco CUCM into elasticsearch. Cisco CUCM sends audit logs and alarms as syslog to my logstash server for different system and application events. The problem is that Cisco CUCM uses a different format of log for different alarm…

Syslog - logs contain dynamic fields(parameters) based on event type, how to index?

Badger June 8, 2020, 2:12pm 2

I would use dissect to parse off the start of the message, then a kv filter. Something like this.

Topic		Replies	Views
I have configuration of logstash for syslog , it is collecting from multiple devices, how can i create separate indices for each device Logstash elastic-stack-monitoring	3	130	April 13, 2024
Parsing Syslog to Logstash Logstash	6	475	March 10, 2020
Syslog output plugin and dynamic values Logstash	7	3312	July 6, 2017
Logstash, syslog, ECS and Kibana Logs / SIEM Logstash	5	816	June 30, 2021
Logstash parsing syslog to different indices depending on source hosts Logstash	6	5280	August 8, 2017