nico
Hello @Cyb3rWard0g ! We don't really have something very defined, which is why we're trying to implement OSSEM. We did a PoC for the Windows events, and it seemed to...
Hi @hxnoyd. No worries, it was the holidays for everyone. The rationale for this question was Suricata [Eve JSON logs](https://suricata.readthedocs.io/en/latest/output/eve/eve-json-format.html), where you have common fields, then nested fields for specific...
I've started experimenting with 2.0. It looks great, thank you for the amazing work! I do have a few questions/remarks: * Is there a way to test a pipeline that...
Hey @breml, thanks for the answers! > Therefore, LFV v2 currently always expects a Logstash configuration that has at least 1 non-pipeline input and 1 non-pipeline output. > > Maybe...
I encountered a similar issue trying to test a configuration looking like this: ```logstash input { file { path => "/var/log/db_logs_logstash/*.csv" mode => "read" file_completed_action => "delete" id => "file"...
Yeah I think setting it via `fields` is perfectly fine once https://github.com/magnusbaeck/logstash-filter-verifier/issues/155 is fixed, maybe it could be mentioned in the doc to make it clearer though.
@breml thanks for the feedback, I now understand the implications better. Is the underlying issue basically that v1/standalone removes all inputs and outputs anyway, while daemon mode keeps them and...
@breml cool, yeah I'm following the 2.0 work and discussion, so many great features! Big thanks to you and @magnusbaeck for this!