Custom Zeek log ingestion

[Nasica]

Good evening,

I have written a custom script for Zeek and have successfully integrated it with the docker container so that it is producing the log as expected; however, I can not see the log in either Kibana or Hunt. I have tried making an entry in filebeat.yml but that didn't seem to work either.

What do I need to do to have this new custom log ingested to Kibana?

Thank you

[weslambert]

You'll need to add a log/filestream input for Filbeat.

To do this, add something like the following to the applicable minion pillar file(s):

filebeat:
  config:
    inputs:
      - type: filestream
        paths:
          - /nsm/mylogdir/mylog.log
        fields:
          module: mymodule
          dataset: mydataset
          category: mycategory

        processors:
          - drop_fields:
              fields: '["source", "prospector", "input", "offset", "beat"]'

        fields_under_root: true
        clean_removed: false
        close_removed: false