logstash-codec-cef
logstash-codec-cef copied to clipboard
logstash-plugins
CEF codec for Logstash
The [delimiter setting](https://www.elastic.co/guide/en/logstash/current/plugins-codecs-cef.html#plugins-codecs-cef-delimiter) was introduced to make cef decoding possible on byte stream inputs like the TCP input. Without a delimiter it's impossible to guarantee that each write containing a...
We're working toward standardizing docs for our ECS-ified plugins, with a mapping table as a key component. Input-beats is the example that we're standardizing against: * [input-beats doc](https://www.elastic.co/guide/en/logstash/master/plugins-inputs-beats.html) * [input-beats...
Please support the target config option to set where to store the parsed data (instead of in the root). For example see the netflow codec plugin.
https://community.microfocus.com/t5/ArcSight-Connectors/ArcSight-Common-Event-Format-CEF-Implementation-Standard/ta-p/1645557 reviewing the above there seems to be additional fields that needs to be added to the mappings. I also noticed a couple of incorrect mappings. for example slat =>sourceLongitude...
Please post all product and debugging questions on our [forum](https://discuss.elastic.co/c/logstash). Your questions will reach our wider community members there, and if we confirm that there is a bug, then we...
The current approach [1][2] to converting extension fields that have an array-like syntax (e.g changing `fieldname[0]` to `[fieldname][0]`) can lead to conflicts or data loss if a key with the...
As specified in the CEF, new lines in the extension must be encoded as the literal `\n` or `\r`. Upon receiving these, instead of converting them in LF or CR,...
This would allow dynamic management of fields to be appended. Particularly useful with inter-pipeline communication. Config Mockup: ``` input { heartbeat { add_field => { "[@metadata][cef_extensions]" => {} "[rt]" =>...
With the newest release of Connectors (7.11), ArcMC(2.90 and Logger(6.70) a new field is introduced. The field itself is generated on the Connector, based on a unique ID per connector...
I tried o do it, but as I understand it is possible only with ruby code. I suggest to imlement it in this filter. Now in the output of cef...
