RuMORDeN
RuMORDeN
/ gist:299c5245e680a72c44061b4891c535e2
Last active
December 19, 2019 20:23
filebeat-7.5.0-cisco-ftd-asa-ftd-pipeline-query
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Setup Filebeat 7.5 per docs at https://www.elastic.co/guide/en/beats/filebeat/7.5/filebeat-getting-started.html | |
| #filebeat modules enable cisco | |
| #filebeat setup | |
| #Behavior results from processing by filebeat-7.5.0-cisco-ftd-asa-ftd-pipeline pipeline. Bypass of this pipeline eliminates issue. | |
| #Successful query of documents ingested outside of filebeat-7.5.0-cisco-ftd-asa-ftd-pipeline | |
| GET syslog-000008/_search | |
| { | |
| "query": { | |
| "match": { |