Also, when I enter indices in Kibana, it fails to search for my Kafka topic, and I don't know why the CEF logs are not coming into Kibana.
On 5 January 2018 at 00:23, Simon Elliston Ball <[email protected]> wrote:
> Are the logs you're sending with syslog in CEF format? You will note that
> the CEF sensor uses the CEF parser, which means unless your logs are in CEF
> format, they will fail to parse and be dropped into the error index (worth
> checking the error index in Kibana via the Metron Error Dashboard). That
> will likely tell you why things aren't parsing.
>
> The most likely scenario is that you are sending something non-CEF on the
> syslog feed, in which case you will need something like a Grok parser. I
> suggest reading through the Squid example in the documentation on how to do
> this.
>
> Simon
>
>> On 4 Jan 2018, at 18:49, Gaurav Bapat <[email protected]> wrote:
>>
>> They are syslogs and my topic name is cef, I get one parsed log out of
>> 1000+ and I want to do analytics using Spark but I can't find a way out.
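As an added illustration (not code from this thread or from Metron itself): a small Python CEF checker that parses the CEF header and extension the way a CEF-only sensor would, and routes every line that is not valid CEF into an error bucket, mirroring how unparsed syslog ends up in the error index. The sample feed is constructed; mixing CEF and plain syslog shows which lines would be dropped and why.

```python
import re

# Constructed sample syslog feed (not from the thread): two CEF lines, two plain syslog lines.
SAMPLE_FEED = [
    "CEF:0|Security|threatmanager|1.0|100|worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2 spt=1232",
    "CEF:0|Vendor|Product\\|Suite|2.0|42|pipe \\| in name|5|act=blocked msg=key\\=value seen",
    "<34>Jan  5 00:23:01 host sshd[123]: Failed password for root from 10.0.0.5 port 22 ssh2",
    "Jan  5 00:23:02 squid: 1514764982.123 200 10.0.0.7 TCP_MISS/200 1234 GET http://example.com/",
]

HEADER_KEYS = ("cef_version", "device_vendor", "device_product", "device_version",
               "device_event_class_id", "name", "severity")

def _unescape(text, specials):
    # CEF escapes a special char ('|' in the header, '=' in the extension) or a backslash with '\'
    return re.sub(r"\\([" + re.escape(specials) + r"\\])", r"\1", text)

def parse_cef(line):
    """Parse one CEF line into header fields plus ext_* keys; raise ValueError if it is not CEF."""
    if not line.startswith("CEF:"):
        raise ValueError("no CEF: prefix")
    # Header fields are pipe-separated; '\|' is a literal pipe, so split only on unescaped pipes.
    parts = re.split(r"(?<!\\)\|", line[len("CEF:"):], maxsplit=7)
    if len(parts) != 8:
        raise ValueError("expected 7 header separators, got %d" % (len(parts) - 1))
    event = {k: _unescape(v, "|") for k, v in zip(HEADER_KEYS, parts[:7])}
    ext = parts[7]
    # Extension is key=value pairs; values may contain spaces and '\=' is a literal '='.
    keys = list(re.finditer(r"(?:^|\s)(\w+)=", ext))
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        event["ext_" + m.group(1)] = _unescape(ext[m.end():end].strip(), "=")
    return event

def route_feed(lines):
    """Mimic a CEF-only sensor: parsed events go one way, everything else to an error bucket."""
    parsed, errors = [], []
    for line in lines:
        try:
            parsed.append(parse_cef(line))
        except ValueError as exc:
            errors.append({"raw": line, "error": str(exc)})
    return parsed, errors

if __name__ == "__main__":
    ok, bad = route_feed(SAMPLE_FEED)
    print("%d parsed, %d would land in the error index" % (len(ok), len(bad)))
```

Running it against your own Kafka topic's raw lines tells you, before touching Metron, how much of the feed is really CEF and how much needs a Grok parser instead.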
