Configuration with multiple types

Adren · February 14, 2018, 10:52am

Hello,

I'm questionning myself about the configuration of logstash, if I receive UDP logs to a port but these logs may have differents types, how can I configure the UDP input then? As I can't listen to the same port more than once. How can I do ? I'll send you my configuration file - I know it is incorrect, but it is for the visual reprenstation of what I want -.

input {
  udp {
      port => 514
      type => "syslog"
      type => "event"
      type => "traffic"
      type => "utm"
    } 
}

Christian_Dahlqvist · February 14, 2018, 11:22am

I suspect you will need to use filters to determine the type based on the content or metadata of the message.

system · March 14, 2018, 11:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.