Grabbing UDP data stream with Beats?

Hello, I have now read a lot about Logstash and Beats and I'm still unsure what the easiest way is to get my data into Elasticsearch. It seems Filebeat supports UDP, so I started with that. Intuitively I assumed Packetbeat would be the way to go, but it seems there's no UDP support.

I have installed Filebeat and configured the filebeat.input:

- type: udp
  # Change to true to enable this input configuration.
  enabled: true
  host: "localhost:7200"
  max_message_size: 10KiB
  tags: ["testudp"]
  fields:
    app_id: udp_test_1

My UDP source is constantly sending double values (5 bytes) at a rate of 100 datasets per second.

Filebeat is also connected to Elasticsearch and it all works well, with no errors when I start it with ./filebeat -e

I now get information about the input every 30 seconds, but it doesn't seem to receive the data in any way.

Is my approach at least the right one?

Hi @dewell thank you for posting here! I believe udp filebeat input is what you want. The config looks good. If you want, you can try without the extra tags and fields for just using udp input by itself to make sure that works first.

filebeat.inputs:
- type: udp
  enabled: true
  host: "localhost:7200"
  max_message_size: 10KiB

If you run Filebeat with debug level logs, what do you see? The command would be:

./filebeat -e -d "*"

Thank you!
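A loopback check that can be run alongside the debug command above, as an added example that is not part of the original thread or of Filebeat: it tests whether anything is bound to the UDP port from the config and sends a few recognisable text datagrams to it. The function names and the `udp-probe` payload are hypothetical, and it assumes `localhost` means the IPv4 loopback address.

```python
import errno
import socket


def udp_port_bound(host: str, port: int) -> bool:
    """Return True if another process already holds a UDP socket on host:port."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        probe.bind((host, port))
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return True  # something (for example the udp input) is listening
        raise  # permission or address errors are a different problem
    finally:
        probe.close()
    return False


def send_probes(host: str, port: int, count: int = 3) -> list[bytes]:
    """Send `count` small text datagrams and return the payloads that were sent."""
    payloads = [f"udp-probe seq={i}".encode() for i in range(count)]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sender:
        for payload in payloads:
            sender.sendto(payload, (host, port))
    return payloads


if __name__ == "__main__":
    # Values taken from host: "localhost:7200"; IPv4 loopback is an assumption.
    HOST, PORT = "127.0.0.1", 7200
    if not udp_port_bound(HOST, PORT):
        print(f"nothing is bound to udp {HOST}:{PORT}; the input is not listening")
    else:
        sent = send_probes(HOST, PORT)
        print(f"sent {len(sent)} datagrams; search the debug log for 'udp-probe'")
```

If the probes show up in the debug output but the real stream does not, compare where the source is sending: a listener bound to the loopback address only receives datagrams sent from the same host.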
