Hi,
Apart from the individual performance of the targets, I haven't seen any examples like this. It doesn't seem to matter which output I use as long as I use only one, so I don't think target performance is the issue; more likely I have a format problem in the pipeline config posted below (note it is Logstash's own config syntax, not YAML).
I don't see how I could solve this in a pipeline either.
Q: Are multiple outputs supported in a single pipeline, and could someone add an example to the documentation or point me to an existing one?
Thanks !
# Single Beats listener; every event in this pipeline arrives through it.
input {
  beats {
    port => 5044
  }
}
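output {
  # Unconditional: every event is indexed in Elasticsearch. The two outputs
  # that follow are conditional and only fire for Windows event-log events.
  elasticsearch {
    hosts => "elasticsearch.svr:9200"
    sniffing => false
    manage_template => false
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    # NOTE(review): document_type was deprecated and later removed in newer
    # Elasticsearch majors -- confirm the target cluster version still accepts it.
    document_type => "%{[@metadata][type]}"
  } # End elasticsearch

  # Parentheses added. The original `A and B or C` left the grouping to
  # Logstash's operator precedence, so a Warning-level event of ANY type could
  # be sent to the alert endpoint. The intent is: wineventlog AND (Error OR Warning).
  if [type] == "wineventlog" and ([level] == "Error" or [level] == "Warning") {
    http {
      # Basic-auth credentials over plain http:// travel in cleartext; prefer an
      # https:// endpoint and keep the secret in the Logstash keystore
      # (password => "${API_PASSWORD}") instead of this file.
      user => "apiusername"
      password => "#########"
      http_method => "post"
      format => "message"
      content_type => "application/json"
      url => "http://monitoring.svr/api/alert"
      #message =>'{"message":"%{name} %{log_name}"}'
      # The body is JSON assembled by string interpolation: a quote or newline
      # inside %{message} (common in Windows event text) produces an invalid JSON
      # document and the receiving API will reject or mis-parse the alert.
      # Consider building the payload with a filter and format => "json" instead.
      message => '{"aligned_resource":"/device/5013","message":"%{host} %{log_name} %{level} EventID:%{event_id} %{message}"}'
    } # End http
  } # End if

  if [type] == "wineventlog" {
    sumologic {
      # Fixed: the original url line ended in a doubled quote (`/""`), which is a
      # config parse error and prevents the whole pipeline from loading -- the
      # likely reason only a single output ever appeared to work.
      # A real Sumo Logic HTTP Source URL embeds a per-source token: treat it as a
      # secret (keystore variable), not as plain text in the config.
      url => "https://endpoint1.collection.us2.sumologic.com/"
      compress => true
      compress_encoding => "gzip"
      source_name => "%{host}"
      source_category => "windows"
      format => "%{@timestamp} %{@json}"
    } # End Sumo
  } # End if
} # End Out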