Essentially I've got 2 sets of standard JSON files that I'm trying to ingest into a dockerized ELK stack. The first set was downloaded Cloudflare logs, standard line-separated JSON data; I tried to use Filebeat to ingest it and it kept prefixing the JSON data with some dumb ECS event data, basically exactly what this post describes if it's easier to see in pics. All of the Cloudflare data was nested within the event.original field and would not get mapped. But once I tried to use just Logstash directly, it was fine and mapped correctly and no more event data.