Hi, I think that is not possible because you cannot search for a nullable
log. Maybe you can use the search API and create a custom cloud function
to ingest the metric in the SIEM and create a related rule.

Hi, in general I suggest you use the official grok repo to search for
a specific pattern: logstash/patterns/grok-patterns at v1.4.2 ·
elastic/logstash · GitHub. In this specific case, if all values are
separated by space, you can use the following s...

If the old logs contain a specific pattern (for example a label named
'test' or some fields contain a test value), you can define an if
condition at the top of the parser to drop {} all logs that contain a
specific pattern.

Have you tried to use the statedump {} command to debug the message? If
the raw log is correct, you should see something like the screenshot in the debug
view. In this case you can simply access the data using the following block
(I suggest you check if a tex...