Custom UDP with PANW integration

I used the PANOS integration, which works great for me. Now I want to change my configuration and use the Custom UDP Logs integration. In the advanced options I changed Ingest pipelines "logs-udp.generic@custom".

I also tested the pipeline by adding a document that was indexed by the Custom UDP Logs integration, and it worked. But unfortunately, when I saved this, I could not find my logs. Could you confirm how I can add the integration to the Custom UDP integration? Is adding a custom pipeline enough?

Hi @Patryk_Ostrowski, can you show us the configuration as well?

If you did not change anything else I would expect the logs to end up in the data stream


Thanks, it's working, but I could not find my logs because I had a problem with time. Logs were being put at a future date. But could you explain to me what the difference is between the Ingest Pipeline field in the Custom UDP settings and Ingest pipelines (in advanced options) with editing logs-udp.generic@custom?

Yes, it is a bit of an overlap... here is how I see it.

The one in the Ingest Pipeline field is for that specific UDP integration,

The logs-udp.generic@custom is one that would get applied at the end for every UDP integration.
At least that is how I think of it.... like a "final" pipeline.

Thanks for your answer
