[INPUT] input { syslog { port => 9406 grok_pattern => "%{GREEDYDATA:message}" } } [FILTER] filter { mutate { remove_field => ["facility", "priority", "severity"] gsub => ["message","\u0000",""] } dissect { mapping => { "message" => "1 %{syslogtime} [%{[event][type]}] [%{send_ip}] %{mesg}" } } if [event][type] == "raw" { mutate { split => ["mesg",","] add_field => { "starttime" => "%{[mesg][0]}"..