@alicansaykal
Created March 9, 2022 06:56
AWS Flow Log - Logstash input / Grok Filter
# Parses the default (version 2) VPC Flow Log record format.
filter {
  if [type] == "VPCFlow" {
    grok {
      # One capture per space-separated field, in the fixed order of the version 2 record.
      match => { "message" => ["%{NUMBER:version:int} %{NOTSPACE:account-id} %{NOTSPACE:interface-id} %{NOTSPACE:srcaddr} %{NOTSPACE:destinationAddress} %{NOTSPACE:sourcePort:int} %{NOTSPACE:destinationPort:int} %{NOTSPACE:protocol:int} %{NOTSPACE:packets:int} %{NOTSPACE:bytes:int} %{NUMBER:startTime:int} %{NUMBER:endTime:int} %{NOTSPACE:action} %{NOTSPACE:logStatus}"] }
      # Applied only when the match succeeds, so unparsed events keep the raw line.
      remove_field => "message"
    }
  }
}
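
The field order the grok pattern above expects, as an added Python example that is not part of the original gist. The sample records are constructed, `parse_flow_record` is a hypothetical name, and unlike grok the regex is anchored; a `-` placeholder (as in NODATA records) is kept as `None` rather than coerced to a number.

```python
import re

# Field names and order taken from the grok pattern above (version 2 record).
FIELDS = ["version", "account-id", "interface-id", "srcaddr",
          "destinationAddress", "sourcePort", "destinationPort", "protocol",
          "packets", "bytes", "startTime", "endTime", "action", "logStatus"]
# Fields the grok pattern matches with NUMBER; the rest use NOTSPACE.
NUMBER_FIELDS = {"version", "startTime", "endTime"}
# Fields the grok pattern coerces with :int.
INT_FIELDS = NUMBER_FIELDS | {"sourcePort", "destinationPort", "protocol",
                              "packets", "bytes"}

# Simplification: \d+ stands in for grok's NUMBER. The regex is anchored
# so a record with extra trailing fields is rejected instead of truncated.
RECORD_RE = re.compile("^" + " ".join(
    r"(\d+)" if f in NUMBER_FIELDS else r"(\S+)" for f in FIELDS) + "$")

# Constructed sample records in the version 2 default format.
SAMPLE_ACCEPT = ("2 123456789010 eni-1235b8ca123456789 172.31.16.139 "
                 "172.31.16.21 20641 22 6 20 4249 1418530010 1418530070 "
                 "ACCEPT OK")
SAMPLE_NODATA = ("2 123456789010 eni-1235b8ca123456789 - - - - - - - "
                 "1431280876 1431280934 - NODATA")


def parse_flow_record(line):
    """Return a dict keyed by FIELDS, or None if the line does not parse."""
    m = RECORD_RE.match(line.strip())
    if m is None:
        return None
    event = {}
    for name, raw in zip(FIELDS, m.groups()):
        if raw == "-":
            event[name] = None          # NODATA/SKIPDATA placeholder
        elif name in INT_FIELDS:
            if not raw.isdecimal():
                return None             # non-numeric where an int is expected
            event[name] = int(raw)
        else:
            event[name] = raw
    return event


if __name__ == "__main__":
    for sample in (SAMPLE_ACCEPT, SAMPLE_NODATA):
        print(parse_flow_record(sample))
```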