remove old CSV parsing logic

philhagen · Mar 30, 2021 · 9c580a0 · 9c580a0
1 parent f44f8bf
commit 9c580a0
Showing 1 changed file with 1 addition and 26 deletions.
diff --git a/configfiles/6801-azure.conf b/configfiles/6801-azure.conf
@@ -1,36 +1,11 @@
 # SOF-ELK® Configuration File
 # (C)2021 Lewes Technology Consulting, LLC
 #
-# This file parses CSV-formatted Azure logs
+# This file parses JSON-formatted Azure logs
 
 filter {
   if [type] == "azure" {
 
-    if "csv" in [tags] {
-      ### Azure Activity Logs, in CSV format
-      # See https://docs.microsoft.com/en-us/azure/azure-monitor/platform/activity-log-schema
-      csv {
-        separator => ","
-        skip_empty_rows => "true"
-        columns => [ "correlation_guid", "operation_name", "status", "event_category", "level", "datetime", "subscription_guid", "initiator", "resource_type", "resource_group", "resource" ]
-        remove_field => "message"
-        add_tag => [ "azure_csv_activity_log" ]
-      }
-
-      if [datetime] == "Time" {
-        drop {}  # drop the first line that contains the column names.
-      }
-
-      date {
-        match => [ "datetime", "ISO8601" ]
-      }
-
-      # remove unneccesary fields
-      mutate {
-        remove_field => [ "datetime" ]
-      }
-    }
-
     if [raw][System][Provider][Name] == "Microsoft-Windows-Security-Auditing" {
       #### Azure VM Event Logs, in XML format
       date {