Viewing Structured Logs Using Kibana

In the SAST database, enable the SPLIT_MESSAGE_WITH_MULTIPLE_LINES_TO_MULTIPLE_MESSAGES option in the EngineConfiguration table, by using the following command:

UPDATE [CxDB].[Config].[CxEngineConfigurationKeysMeta] SET [DefaultValue] = 'true' WHERE [KeyName] = 'SPLIT_MESSAGE_WITH_MULTIPLE_LINES_TO_MULTIPLE_MESSAGES'

Configure the Checkmarx logs so they are displayed in a structured format, by ensuring that the appsettings.json file looks similar to the following:

Then the log output will be displayed in a structured format, similar to the following:

Ensure that Elastic Search and Kibana are installed and configured.

For more information, refer to the Elasticsearch and Kibana installation instructions.

Upload the Checkmarx log file, such as EngineScanLog, to Kibana.

Save the log file as a data source.

Open the index in the Discover view.

Select your saved source. The log information is displayed similar to the following screenshot:

In the Discover view, select your source.

In the filter field, enter a custom KQL syntax query. For example, to display sample engine query total results, enter the following syntax:

field15: "\"Queries\"" and field17: *Total\:*

The results of the query is shown below:

In the Dashboard view, create graphic visualizations of the log data that you want to display. For example, you can create a donut chart to view log level distribution.

You can add several graphic visualizations to your dashboard.

Save your dashboard.