Hi everyone, we have 2 conf file in Logstash (version 6.8.6) conf.d directory to differentiate Microsoft log from Linux log, the first: input { tcp { port => 3515 codec => json } } filter { mutate { add_tag => ["forwar…

Before each output please include an if statement if "forwardedsyslog" in [tags] { output ... }

Hi grumo35, thanks for your reply. I'll give it a try and let you know :slight_smile:

[image] grumo35: Before each output please include an if statement if "forwardedsyslog" in [tags] { output ... } Here are my new conf file, but nothing as changed: input { tcp { port => 3515 codec => json } } filter { mutate { …

[image] Badger: Does this help? thanks for your reply! I'll take a look into it!

Discuss the Elastic Stack

Differentiate Linux syslog log from Windows event log

Elastic Stack Logstash

Badger January 17, 2020, 2:44pm 5

Does this help?

Topic		Replies	Views
Rsyslog to logstash help Logstash	4	1425	December 17, 2017
Some logs to Elastic, some to SIEM Logstash	12	3353	August 11, 2019
Distinguish between syslog inputs Logstash	5	2674	May 25, 2017
How to different syslog in the same port? Logstash	7	1926	February 20, 2022
Log in wrong index Logstash	15	4486	July 6, 2017

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.

Differentiate Linux syslog log from Windows event log

Related topics