[INPUT] input { syslog { port => 9400 } } [FILTER] filter { dissect { mapping => { "message" => "[WAPPLES}: 10 %{[log][type]} 10 %{msg}" } } mutate { gsub => ["msg"," 10 "," & "] gsub => ["msg"," \[ ",":["] } date { match => ["timestamp","MMM dd HH:mm:ss","MMM d HH:mm:ss"] timezone => "Asia/Seoul" locale => "en" target => "timestamp" } if [log][type] == "AUDIT" { dissect { mapping => { "msg" => ..