Anyone written grok parsing(Logstash) for osquery. I tried using filebeat osquery module not working.

Could be better to ask in #general

A little more context around your setup would be helpful. Are you using Fleet? How are the logs being emitted?