{"id":"08229c51-70a3-491a-b329-50d6f5d7f6df","rev":2,"v":"1","name":"nsxedge","summary":"nsxedge firewall vmware","description":"nsxedge firewall vmware","vendor":"Bernd Broermann <bernd@broermann.com>","url":"https://github.com/broerman/graylog_content_pack_nsxedge","created_at":"2020-05-16T16:54:52.121Z","server_version":"3.1.3+cda805f","parameters":[{"name":"input_title","title":"input title","description":"input_title","type":"string","default_value":"nsxedge"},{"name":"kafka_topic","title":"kafka topic","description":"kafka topic","type":"string","default_value":"^nsxedge$"},{"name":"kafka_zookeeper","title":"kafka zookeeper","description":"kafka zookeeper","type":"string","default_value":"localhost:2181"}],"entities":[{"id":"b7357ed4-1e47-49a6-b257-a22742e3486d","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"NSXEDGE_INET","pattern":"INET %{NOTSPACE:reason} %{WORD:action} %{POSINT} %{WORD:direction}(?: %{POSINT})? (?<protocol>(TCP|UDP|PROTO \\d+)) %{IP:srcIP}(?:/%{POSINT:srcPort})?->%{IP:dstIP}(?:/%{POSINT:dstPort})?(?: %{WORD:flag})?"},"constraints":[{"type":"server-version","version":">=3.1.3+cda805f"}]},{"id":"79946909-0203-4f88-bf3c-178177bb9bc9","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"NSXEDGE_SYSLOG","pattern":"\\<\\d*\\>.*(?<nsxedge_timestamp_iso>%{YEAR}-%{MONTHNUM}-%{MONTHDAY}[T ]%{HOUR}:?%{MINUTE}(?::?%{SECOND}))Z .* (?<nsxedge_message>INET.*)"},"constraints":[{"type":"server-version","version":">=3.1.3+cda805f"}]},{"id":"e6df3e70-b06f-4023-a546-95589e171cf9","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"WORD","pattern":"\\b\\w+\\b"},"constraints":[{"type":"server-version","version":">=3.1.3+cda805f"}]},{"id":"242b267c-214d-4fd9-b7bf-cabc3775eda5","type":{"name":"grok_pattern","version":"1"},"v":"1","data":{"name":"YEAR","pattern":"(?>\\d\\d){1,2}"},"constraints":[{"type":"server-version","version":">=3.1.3+cda805f"}]},{"id":"4c065f6c-706d-462d-9bfa-1f0efb81d26b","type":{"name":"input","version":"1"},"v":"1","data":{"title":{"@value":"input_title","@type":"parameter"},"configuration":{"topic_filter":{"@value":"kafka_topic","@type":"parameter"},"fetch_wait_max":{"@type":"integer","@value":100},"offset_reset":{"@type":"string","@value":"largest"},"zookeeper":{"@value":"kafka_zookeeper","@type":"parameter"},"throttling_allowed":{"@type":"boolean","@value":false},"fetch_min_bytes":{"@type":"integer","@value":5},"threads":{"@type":"integer","@value":2},"decompress_size_limit":{"@type":"integer","@value":8388608}},"static_fields":{},"type":{"@type":"string","@value":"org.graylog2.inputs.gelf.kafka.GELFKafkaInput"},"global":{"@type":"boolean","@value":true},"extractors":[{"target_field":{"@type":"string","@value":"timestamp"},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":2},"converters":[{"type":{"@type":"string","@value":"DATE"},"configuration":{"date_format":{"@type":"string","@value":"yyyy-MM-dd'T'HH:mm:ss.SSS"},"time_zone":{"@type":"string","@value":"UTC"},"locale":{"@type":"string","@value":"und"}}}],"configuration":{},"source_field":{"@type":"string","@value":"nsxedge_timestamp_iso"},"title":{"@type":"string","@value":"timestamp_from_iso"},"type":{"@type":"string","@value":"COPY_INPUT"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":""},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":0},"converters":[],"configuration":{"list_separator":{"@type":"string","@value":", "},"kv_separator":{"@type":"string","@value":"="},"key_prefix":{"@type":"string","@value":"nsxedge_"},"key_separator":{"@type":"string","@value":"_"},"replace_key_whitespace":{"@type":"boolean","@value":false},"key_whitespace_replacement":{"@type":"string","@value":"_"}},"source_field":{"@type":"string","@value":"message"},"title":{"@type":"string","@value":"nsxedge_get_json"},"type":{"@type":"string","@value":"JSON"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":""},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":9},"converters":[],"configuration":{"grok_pattern":{"@type":"string","@value":"%{NSXEDGE_INET}"},"named_captures_only":{"@type":"boolean","@value":true}},"source_field":{"@type":"string","@value":"nsxedge_message"},"title":{"@type":"string","@value":"nsxedge_message_grok"},"type":{"@type":"string","@value":"GROK"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}},{"target_field":{"@type":"string","@value":""},"condition_value":{"@type":"string","@value":""},"order":{"@type":"integer","@value":1},"converters":[],"configuration":{"grok_pattern":{"@type":"string","@value":"%{NSXEDGE_SYSLOG}"},"named_captures_only":{"@type":"boolean","@value":true}},"source_field":{"@type":"string","@value":"nsxedge_text"},"title":{"@type":"string","@value":"nsxegde_text_grok"},"type":{"@type":"string","@value":"GROK"},"cursor_strategy":{"@type":"string","@value":"COPY"},"condition_type":{"@type":"string","@value":"NONE"}}]},"constraints":[{"type":"server-version","version":">=3.1.3+cda805f"}]}]}