How to forward ALL logs

willsy · July 31, 2023, 7:20am

I have the following logstash configuration file that successfully sends information to a third party location.

Effectively what i am asking is, how do i constantly send ALL the data going into elastic to this third party location. Is is a data stream thing? scroll? size? and also what would be the configuration in the index and query part of this to get ALL documents to send.


input {
 elasticsearch {
 hosts => "localhost:9200"
 ssl_enabled => true
 ssl_verification_mode => none
 api_key => "XXxxXXxxXXxxXX"
index => "logs-windows.powershell-default"
 query => '{ "query": { "query_string": { "query": "*" } } }'
 size => 60
 scroll => "60m"
 docinfo => true
 docinfo_target => "[@metadata][doc]"
}
}

output {
tcp {
host => "xxx.xxx.xxx.xxx"
port => xxxxx
codec => json_lines  
  }
}

system · August 28, 2023, 7:21am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to query 3 indexes in logstash Logstash	1	141	August 29, 2023
Elasticsearch has moved to new location. How to configure logstash to take it's place and forward to new location Logstash	6	333	February 25, 2019
Can you forward logs going into elasticsearch to a third party? Elasticsearch	4	268	July 15, 2023
How can I send logs from file to Elasticsearch using Logstash between two separated servers? Logstash	1	293	August 8, 2018
Example Inputs logtash configuration Logstash	1	173	August 16, 2023

How to forward ALL logs

Related Topics