我正在尝试将Symantec WSS的日志插入Kibana。我需要格罗模式 有人对此有Grok模式吗? 我正在尝试此操作,但不起作用:
%{NUMBER:PID}%{SPACE}%{TIMESTAMP_ISO8601:TimeStamp}%{SPACE}"%{DATA:Proxy_HostName}"%{SPACE}%{NUMBER:Proxy_HostName_Port}%{SPACE}%{IP:IPAddress}%{SPACE}%{NOTSPACE:User}%{SPACE}%{NOTSPACE:FILED_1}%{SPACE}%{NOTSPACE:FILED_2}%{SPACE}%{NOTSPACE:FILED_3}%{SPACE}"%{DATA:Category}"%{SPACE}%{DATA:FIELD_4}%{SPACE}%{NUMBER:Response_Code}%{SPACE}%{NOTSPACE:FIELD_5}%{SPACE}%{NOTSPACE:Method}%{SPACE}%{NOTSPACE:Format}%{SPACE}%{NOTSPACE:Protocol}%{SPACE}%{NOTSPACE:DOMAIN_URL}%{SPACE}%{NUMBER:DstPort}%{SPACE}%{NOTSPACE:FIELD_6}%{SPACE}%{NOTSPACE:FIELD_7}%{SPACE}%{NOTSPACE:FIELD_8}%{SPACE}"%{DATA:Agent}"%{SPACE}%{IP:LOCAL_IP}%{SPACE}%{NUMBER:FIELD_10}%{SPACE}%{NUMBER:FIELD_11}%{SPACE}%{NOTSPACE:FIELD_12}%{SPACE}"%{DATA:FIELD_13}"%{SPACE}%{NOTSPACE:FIELD_14}%{SPACE}%{NOTSPACE:FIELD_15}%{SPACE}%{NUMBER:FIELD_16}%{SPACE}"%{DATA:FIELD_17}"%{SPACE}%{NOTSPACE:FIELD_18}%{SPACE}"%{NOTSPACE:FIELD_19}"%{SPACE}"%{NOTSPACE:FIELD_20}"%{SPACE}%{IP:FIELD_21}%{SPACE}"%{DATA:FIELD_22}"%{SPACE}%{NOTSPACE:FIELD_23}%{SPACE}%{NOTSPACE:FIELD_24}%{SPACE}%{NOTSPACE:FIELD_25}%{SPACE}%{NOTSPACE:FIELD_26}%{SPACE}%{NOTSPACE:SSL_TLS_Type}%{SPACE}%{NOTSPACE:Encryptions}%{SPACE}%{NUMBER:Encryption_Byte}%{SPACE}%{NOTSPACE:URL_2}%{SPACE}"%{DATA:Category_2}"