Configuration with multiple types

Adren · February 14, 2018, 10:52am

Hello,

I'm questionning myself about the configuration of logstash, if I receive UDP logs to a port but these logs may have differents types, how can I configure the UDP input then? As I can't listen to the same port more than once. How can I do ? I'll send you my configuration file - I know it is incorrect, but it is for the visual reprenstation of what I want -.

input {
  udp {
      port => 514
      type => "syslog"
      type => "event"
      type => "traffic"
      type => "utm"
    } 
}

Christian_Dahlqvist · February 14, 2018, 11:22am

I suspect you will need to use filters to determine the type based on the content or metadata of the message.

system · March 14, 2018, 11:22am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash multiple tcp inputs with different ports Logstash	2	8072	July 6, 2017
IF ELSE in Logstash INPUT Logstash	2	2194	March 15, 2017
Can i send different Logs to different Indicies? Logstash	1	333	April 1, 2020
Can i have in logstash 2 different inputs with 2 different ports Logstash	5	1804	April 28, 2020
Syslog input, open only udp port Logstash	2	741	July 26, 2018

Configuration with multiple types

Related topics