Phil Hagen

Results: 58 comments of Phil Hagen

Other option is to use Ruby code, but concerned about performance impact

Reopening to change the grok statement in the parser

Tabling this until https://github.com/logstash-plugins/logstash-filter-cidr/issues/19 is addressed so we can iterate over an arbitrary number of values in the `[ips]` array.

This may be more complicated than it at first looks... lots of grok hackery https://github.com/logstash-plugins/logstash-input-syslog/issues/15

This is still something that would likely need to be raised with the Logstash developers. I'm not likely going to be able to maintain a processing pipeline that is forked...

I don't plan to raise the issue, as it's not something I'm directly experiencing. I'll see if there is anything that can be done locally under the context of this...

There are two fields at play - one is definitely the PRI and he totally handles that. The other is a mystery integer that may or may not be the...

H/T to Raul P for the question that spurred this and the sample to prove it's viable.

Yes, we'll be adding the evtx handler from @ericZimmerman as soon as some of the JSON is normalized and I can get to the parser. It's awesome so far!!!

This should also enable a "reprocess" option, where old messages are re-parsed with new configuration files. Possibly a process such as the following running as a cron or manually-triggered script:...