Hi everyone, we have 2 conf file in Logstash (version 6.8.6) conf.d directory to differentiate Microsoft log from Linux log, the first: input { tcp { port => 3515 codec => json } } filter { mutate { add_tag => ["forwar…

Before each output please include an if statement if "forwardedsyslog" in [tags] { output ... }

Differentiate Linux syslog log from Windows event log

Badger January 17, 2020, 2:44pm 5

Does this help?

1 Like

Elasticsearch is a trademark of Elasticsearch BV, registered in the U.S. and in other countries
Trademarks
Terms
Privacy
Brand
Code of Conduct

Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.