SigmaHQ/tools/config/logstash-linux.yml

title: Logstash Linux project (https://github.com/thomaspatzke/logstash-linux)
order: 20
backends:
  - es-qs
  - es-dsl
  - kibana
  - xpack-watcher
  - elastalert
  - elastalert-dsl
logsources:
    apache:
        category: webserver
        index: logstash-apache-*
    webapp-error:
        category: application
        index: logstash-apache_error-*
    linux-auth:
        product: linux
        service: auth
        index: logstash-auth-*
fieldmappings:
    client_ip: clientip
    url: request
defaultindex: logstash-*