09-logstash.txt

https://www.elastic.co/products/logstash

/vagrant/config/logstash/suricata.conf 
input {
  redis {
    data_type => "list"
    host => "192.168.10.11"
    port => 6379
    key  => "martins-suricata"
    tags => ["suricata", "KAV", "fromredis"]
  }
}
filter {
  json {
    source => "message"
  }
  if 'syslog' not in [tags] {
    mutate { remove_field => [ "message", "Hostname" ] }
  }
}
output {
  elasticsearch {
    hosts => ["192.168.10.11"]
    index => "suricata-%{+YYYY.MM.dd.hh}"
    manage_template => false
    document_type => "doc"
  }
}




docker run -dit --name logstash -h logstash --network host -v /vagrant/config/logstash/:/usr/share/logstash/pipeline/ -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" --restart unless-stopped --log-driver syslog --log-opt tag="logstash" docker.elastic.co/logstash/logstash-oss:6.6.0

curl localhost:9200/_cat/indices
curl -XGET localhost:9200/suricata-2019.02.17.04/_settings

curl localhost:9200/_cat/indices