[Juniper SRX] Syslog messages

[daniterras]

Kibana version: 8.13.3 Elasticsearch version: 8.13.3

The following error message appears:

error.messageProcessor "grok" with tag "" in pipeline "logs-juniper_srx.log-1.21.0" failed with message "Provided Grok expressions do not match field value: [<101>Jun 6 15:18:03 host01 xntpd[2130]: kernel time sync enabled 2001]"

The pipeline for the Junos SRX integration (version 1.21.0) is failing to interpret the messages correctly.

[elasticmachine]

Pinging @elastic/sec-deployment-and-devices (Team:Security-Deployment and Devices)

[pkoutsovasilis]

Hello @daniterras , as mentioned in the documentation of the Juniper SRX, only the format "structured-data + brief" is supported. As far as I can tell, the log line that you reported <101>Jun 6 15:18:03 host01 xntpd[2130]: kernel time sync enabled 2001] is not following this format. Can you switch the log messages format to the supported one?