Replies: 1 comment
-
You could try changing the filebeat input by adding this: filebeat.inputs:
processors:
#Copy the yaml over to local to make your changes #vim the filebeat.yaml and scroll down to your syslog inputs #Add the stuff above and restart filebeat. so-filebeat.restart This was found here: |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hello, and sorry if I missed this in the documentation.
I'm running SO in a virt lab env for students. Presently using latest 2.3 version. I'm sending syslogs to a standalone SO server for each student env. I have one field in that syslog that is Json that I want Filebeat to parse as Json into the default SO Elastic index. Is there a way to customize the syslog Filebeat parsing?
Thanks for any time and help.
Beta Was this translation helpful? Give feedback.
All reactions