Question on Windows event log ingest and parse

Metron version – 0.4.0 Single node install, bare metal install No significant changes to base install besides maintenance mode on elasticsearch mpack and manual configuration. I have a Windows 2012 server running AD, AD LDS, DNS, and DHCP. I installed Winlogbeat

Re: Question on Windows event log ingest and parse

Hi Ed, Sounds like a really nice piece of work to get pushed into the core… how would you feel about taking that grok parser and formalising it into the core of Metron (happy to help there by the way). On the actual issue, is sounds like it’s likely to be something to do with conversion of th

Re: Question on Windows event log ingest and parse

a:122) ~[stormjar.jar:?] at org.apache.hadoop.fs.Path.(Path.java:134) ~[stormjar.jar:?] at org.apache.metron.parsers.GrokParser.openInputStream(GrokParser.java:82) ~[stormjar.jar:?] at org.apache.metron.parsers.GrokParser.init(GrokParser.java:109) ~[stormjar.jar:?] ... 5 more

Re: Question on Windows event log ingest and parse

Subject: Re: Question on Windows event log ingest and parse Hi Ed, Sounds like a really nice piece of work to get pushed into the core… how would you feel about taking that grok parser and formalising it into the core of Metron (happy to help there by the way). On the actual issue, is sounds

Re: Question on Windows event log ingest and parse

che.org > Subject: Re: Question on Windows event log ingest and parse > > Hi Ed, > > Sounds like a really nice piece of work to get pushed into the core… how > would you feel about taking that grok parser and formalising it into the core > of Metron (happy to help there by th

[SOLVED] Re: Question on Windows event log ingest and parse

t;index":"not_analyzed" }, "event_id":{ "type":"string", "index":"not_analyzed" }, "computer_name":{ &qu