Good morning, I am completely new to Graylog (or any SIEM really) and I was tasked to parse our firewall’s logs. There are around 40 total fields with only 10 being there all the time so the 30+ others are optionnal. I have been using one pipeline and GROK to parse the logs so I have a lot of ? be…

What is the most effective way to parse logs with lots of optionnal fields?

tmacgbay (Tmacgbay) June 22, 2022, 11:06pm 3

Here is a note on how I handled firewall traffic coming from PaloAlto firewalls:

1 Like