Filters in logstash for sending the logs to elastic search index

Makra · December 18, 2016, 7:21pm

Hi
Troy
Issue remains when the logstash reads the logs from syslog-ng server . instead of IP address , this value => 'Source_IP:%{[_source][SOURCEIP]}' is being added added. whereas the the same config from command line ( -f option) added the source IP. The difference is that in the test.conf the input is-
input {
stdin { codec => json }

}

as described in Add field from JSON / logstash filter
whereas in the dev. environment the input section is->

input {
tcp {
port => 9999
type => "syslog-all"
tags => [ "Syslog-All" ]
codec => json
}
udp {
port => 9999
type => "syslog-all"
tags => [ "Syslog-All" ]
codec => json
}
}

logs did arrive in the kibana dashboard for the above input but with this => Source_IP:%{[_source][SOURCEIP]}

Really puzzling

Topic		Replies	Views
Rsyslog to logstash help Logstash	4	1365	December 17, 2017
Logstash parsing syslog to different indices depending on source hosts Logstash	6	5280	August 8, 2017
Filter multiple logs from same file to different index Logstash	2	575	June 23, 2020
I have configuration of logstash for syslog , it is collecting from multiple devices, how can i create separate indices for each device Logstash elastic-stack-monitoring	3	130	April 13, 2024
Some logs to Elastic, some to SIEM Logstash	12	3154	August 11, 2019

Filters in logstash for sending the logs to elastic search index

Related Topics