WinLogBeat usage

Hi,
We are running a PowerShell script to monitor the expiry dates of around 200 certificates, which writes the script output to the Application event log of one of our Windows servers as below:

Certificate=SERVER001.co.net, SSLExperationDate=5/16/2020 7:59:59 PM, Days Remaining: 580 days ,Issuer=GeoTrust SSL CA - G3
Certificate = SERVER002.co.net, SSLExperationDate=8/26/2019 4:20:31 AM, Days Remaining: 315 days ,Issuer=GeoTrust SSL CA - G3
Certificate = SERVER003.co.net, SSLExperationDate=12/11/2020 3:07:44 PM, Days Remaining: 789 days ,Issuer=GeoTrust SSL CA - G3

Now our management wants to set up a dashboard on these certificates, sorted by their expiry dates in descending order, in a table format which should consist of 2 columns (Certificate and Days Remaining).

The “Certificate” column should contain certificate server names like SERVER001.co.net, SERVER002.co.net, SERVER003.co.net, SERVER004.co.net etc.

The “Days Remaining” column should contain the number of days remaining until certificate expiry, like 580, 315, 789 etc.

What we did so far is: installed WinLogBeat on the server where the events are being written and forwarded all the events to another server where the ELK stack has been set up.
WinLogBeat is sending the event log data to Logstash, and Logstash is forwarding these events to Kibana, and we are able to see all the event logs in the Discover tab of Kibana now.
Now, to visualize the logs as per our management's need (in a table format), we need to create new fields out of the above event logs.

Actually, in Splunk (we were using Splunk earlier) there is something called “rex”, a search-time field extractor, which would help us in creating new fields out of any event log sentence.

But as per the ELK documents we came to know that these new fields need to be extracted in Logstash itself before sending them to Kibana, but there is no tutorial or examples on how to do it.
Can someone please explain to us how to accomplish this, as we are very, very new to this ELK platform?
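The field extraction asked about above is done in the Logstash filter stage, most commonly with the grok filter. The pipeline below is an added example, not from the original post or from Elastic's documentation; it assumes Winlogbeat delivers the event text in the `message` field (the field name used by the Beats input), that the three log lines shown above are representative of the format (the pattern tolerates the inconsistent spacing around `=` and `,`), and that the field names `certificate`, `ssl_expiration_date`, `days_remaining` and `issuer` are free to choose. The `%{NUMBER:days_remaining:int}` capture stores the day count as an integer so Kibana can sort on it numerically rather than as a string.

```conf
# Added example pipeline (not the original poster's configuration).
# Assumes the Beats input on its default port and an Elasticsearch
# node on localhost; adjust hosts and ports for your environment.

input {
  beats {
    port => 5044
  }
}

filter {
  # Only touch events that look like the certificate-monitor output;
  # every other Windows event passes through untouched.
  if [message] =~ /SSLExperationDate/ {
    grok {
      # \s* absorbs the optional spaces seen around "=" and "," in the samples.
      # NUMBER with ":int" converts the captured day count to an integer.
      match => {
        "message" => "Certificate\s*=\s*%{HOSTNAME:certificate}\s*,\s*SSLExperationDate\s*=\s*%{DATA:ssl_expiration_date}\s*,\s*Days Remaining:\s*%{NUMBER:days_remaining:int}\s+days\s*,\s*Issuer\s*=\s*%{GREEDYDATA:issuer}"
      }
      # Events that do not match get this tag instead of bogus fields,
      # so parse failures are visible in Kibana rather than silent.
      tag_on_failure => ["_certparsefailure"]
    }

    # Turn the US-style expiry string into a real date field so it can be
    # used on a time axis; the date filter uses the Logstash host's
    # timezone unless a "timezone" option is given.
    date {
      match  => ["ssl_expiration_date", "M/d/yyyy h:mm:ss a"]
      target => "ssl_expiration_date"
    }

    # Trailing whitespace before "Issuer" can end up in the captured value.
    mutate {
      strip => ["issuer"]
    }
  }
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
  }
}
```

With this in place, each matching event carries `certificate` (e.g. `SERVER001.co.net`) and `days_remaining` (e.g. `580`) as separate fields. For the requested table, build a Kibana Data Table visualization with a "Split rows" Terms bucket on `certificate.keyword` (Logstash's default index template creates the `.keyword` sub-field for string values) and a Max metric on `days_remaining`, then order the buckets by that metric descending. Using Max (or Top Hit) rather than the raw field matters because the script logs each certificate repeatedly, and the table should show only the latest count per certificate.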
