Recently, while writing some Grok patterns for the ELK cluster at work, I had a conversation with my colleague Berg about the efficiency of Grok patterns. I was working with Cisco ASA firewall logs, which are natural-language, human-readable logs, in contrast with iptables or Palo Alto logs, which are sent in a CSV format. In order to parse them into structured log events to feed into Elasticsearch, I used the Grok filter.