2.2 KiB
2.2 KiB
Filters
The following filters are provided.
| Filter | Description |
|---|---|
| grok | Similar to the logstash grok filter |
| date | Similar to the logstash date filter |
| mutate | Similar to the logstash mutate filter |
| Example Input: |
"Filters": [
{
"grok": {
"condition": "[type] == \"Win32-Eventlog\"",
"match": [
"Message",
""
],
"remove_field": [
"ComputerName"
]
}
},
{
"grok": {
"match": [
"message",
"%{SYSLOGLINE}"
],
"add_field": [
"Hello", "from %{logsource}"
]
}
},
{
"date": {
"condition": "[type] == \"Win32-FileLog\"",
"match": [
"timestamp",
"MMM d HH:mm:sss",
"MMM dd HH:mm:ss"
],
"add_field": [
"UtcTimestamp"
],
"convertToUTC": true
}
},
{
"mutate": {
"_comment": "Custom Rules",
"rename": [
"ComputerName", "Host",
"host", "Host",
"message","Message",
"type","Type",
"SID", "Username"
]
}
}
]