Format issue using http output plugin to send logs from logstash to azure eventhub

Shakib_farooq · July 7, 2022, 5:24am

Hello,

I am facing an issue in forwarding logs from logstash to the event hub, below is the conf file. the requirement is to forward winlog beats logs to the event hub.
I am receiving logs in elastic if I kept the format filed as "message" but the logs are not readable, I tried to change the format field to JSON but then I'm not able to receive logs in elastic.

Thanks

input { 
  beats {
     port => 5099
}
 }

filter {}

output {
 #stdout { codec => rubydebug }
 
 http {
 url => "https://namespace.windows.net/eventhub/messages"
  content_type => "application/x-www-form-urlencoded"
  http_method => "post"
  format => "message"
  headers => {
    "Host" => "namespace.servicebus.windows.net"
    "Authorization" => "***********"
  }
 }
}

Rios · July 7, 2022, 6:02am

You are using https and I don't see certs params in your output http.

Easiest way is to set ssl_verification_mode => "none". Latter add full cert structure.

system · August 4, 2022, 6:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.