Grok configuration pattern


I'm trying to parse the Zeek IDS log using Telegraf and InfluxDB. In the logs that Zeek writes, the fields are separated by tabs, but when Telegraf reads these logs, it adds \t. I am not able to create a pattern that separates the fields.

Log Zeek:

1669666446.619248       CLod7M1SB6EGHAp50a      fe80::a00:27ff:fe8d:4f7d        143     ff02::16        0       icmp    -       -       -       -       OTH     F       F       0       -       1       96      0       0       -

Telegraf Debug:

2022-11-29T14:36:52Z D! [parsers.grok::tail] Grok no match found for: "1669666446.619248\tCLod7M1SB6EGHAp50a\tfe80::a00:27ff:fe8d:4f7d\t143\tff02::16\t0\ticmp\t-\t-\t-\t-\tOTH\tF\tF\t0\t-\t1\t96\t0\t0\t-"

Grok Debugger:

%{SYSLOGHOST:ts}\t%{WORD:uuid}

No Matches

I've already made several attempts at patterns, but without success. My knowledge is basic.
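An added example, not from the question or from Telegraf: a Python regex equivalent of a grok pattern for the 21-column Zeek conn.log layout, run over the record from the debug output, with Zeek's "-" mapped to unset. It also checks whether a line carries real tab characters or only the two-character escape "\t"; that the debugger was fed the escaped text is an assumption.

```python
import re

# Default Zeek conn.log column order (21 fields), matching the record above.
CONN_FIELDS = [
    "ts", "uid", "id_orig_h", "id_orig_p", "id_resp_h", "id_resp_p",
    "proto", "service", "duration", "orig_bytes", "resp_bytes",
    "conn_state", "local_orig", "local_resp", "missed_bytes", "history",
    "orig_pkts", "orig_ip_bytes", "resp_pkts", "resp_ip_bytes",
    "tunnel_parents",
]

# Regex form of the grok pattern: one non-tab run per column, joined by a
# literal tab character and anchored so a short or long line is rejected.
CONN_RE = re.compile(
    "^" + r"\t".join(rf"(?P<{n}>[^\t]+)" for n in CONN_FIELDS) + "$"
)


def grok_equivalent():
    """The same layout written as a grok pattern (NOTSPACE is \\S+)."""
    return r"\t".join(f"%{{NOTSPACE:{n}}}" for n in CONN_FIELDS)


def has_real_tabs(line):
    """True if the line is tab-separated; False if it only carries the
    two-character escape '\\t' (as a quoted debug string does)."""
    return "\t" in line


def parse_conn(line):
    """Map a conn.log line to {column: value}; Zeek's '-' becomes None.
    Returns None when the line does not have the 21-column layout."""
    m = CONN_RE.match(line)
    if m is None:
        return None
    return {k: None if v == "-" else v for k, v in m.groupdict().items()}


# Constructed sample: the escaped text from the Telegraf debug output, and
# the same record with the escapes turned back into real tab characters.
ESCAPED = (r"1669666446.619248\tCLod7M1SB6EGHAp50a\tfe80::a00:27ff:fe8d:4f7d"
           r"\t143\tff02::16\t0\ticmp\t-\t-\t-\t-\tOTH\tF\tF\t0\t-\t1\t96\t0\t0\t-")
RAW = ESCAPED.encode("ascii").decode("unicode_escape")

if __name__ == "__main__":
    print(parse_conn(ESCAPED))   # None: no real tabs, only backslash-t text
    print(parse_conn(RAW)["id_orig_h"], parse_conn(RAW)["service"])
```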
