We use the USM Anywhere SIEM. I exported the logs from the NXLog log source, and it spits them out to a text file.
I am using Filebeat to grab this file and send it to Logstash. I am then struggling to get things parsed in Elastic. It is parsing out the Filebeat info, but the original log information is in the "message" field.
I know this would be easier if I could just send NXLog directly to Logstash, but I can't. I need to use Filebeat to read a txt file and Logstash to successfully parse it.