elasticsearch logstash logstash-grok elk sonicwall

Filter Logstash Sonicwall

I'm using ELK and I wanted to know where I can insert filters to analyze Sonicwall logs and view them in the grafana.

Would you put it in the filter.conf of the logstash?

Can anybody help me?

Solution

Elastic might add a module for Sonicwall in future filebeat release. Checkout this. It is part of x-pack license but you can try it out in the trial version.

Alternatively, you can use a combination of filebeat & logstash to scrape and parse the logs and ingest it in Elastic Search. Grafana can connect to Elasticsearch directly so you can use it to create visualisations and dashboards.

How to view the different values in a geopoint to a Data table in Kibana Elasticsearch Maps
Not able to start elastic search service
Can I filter an array in elastic?
Pyspark Streaming data to Elastic search index from Kafka topic , running in Jupyter notebook, causing failure
How to move shards around in a cluster
OData services with Elastic search
How to query elasticsearch from spring with LocalDate
Elasticsearch query to get values of multiple attributes
I want to sort my elastic search aggregation data with most recent login for each user by there name
bucket_script inside filter aggregation throws error
Elasticsearch delete_by_query version conflict
Case insensitive exact match in ElasticSearch
How do I enable remote access/request in Elasticsearch 2.0?
Fluent-bit - Splitting json log into structured fields in Elasticsearch
Elasticsearch Devtools Queries (Regexp/Wildcard) - Not Working
Elastic Search Analyzer at search time not working
Elasticsearch 7.2.0: master not discovered or elected yet, an election requires at least X nodes
Create TermsQuery with List<String> using elasticsearch java api client
Elasticsearch: Use loop in Painless script
How can I check nulls in Logstash pipeline in filter plugin?
How to input a JSON file (array form) in Logstash?
OpenTelemetry Export to Elastic Search without Elastic APM
Can't connect to Elasticsearch with Node.Js on Kubernetes (self signed certificate in certificate chain)
trying to pass params to elasticsearch getting null_pointer_exception
'Compressor detection can only be called on some xcontent bytes or compressed xcontent bytes" error when indexing a list of dictionaries
Regexp filter in Opensearch (or Elasticsearch)
Shards and replicas in Elasticsearch
Search document with empty array field, on ElasticSearch
how to rename an index in a cluster?
Merge two indices value by a common field in elasticsearch