How to send logs to multiple UDP destination using logstash from elasticsearch

Vedagiri_Balaji · June 29, 2021, 7:40am

Hi ,
Currently we sending logs to a UDP destination, we intend send the same logs to multiple UDP destination ( logs are read from elasticsearch )

udp {
id => "udp_exporter"
codec => plain {
format => "%{message}"
}
host => "10.10.10.10.1"
port => 522
}

When i tried to use "host => "10.10.10.1, 10.10.10.2" it didn't work, it was sending logs to only first destination.

Regards,
Balaji

pcosic · June 29, 2021, 8:15am

Hi,

I think this is your solution Multiple elasticsearch clusters for output
So in your case try to add just another UDP output plugin

Vedagiri_Balaji · June 29, 2021, 10:01am

But my destination is not elasticsearch cluster, it is an external SIEM device.

pcosic · June 29, 2021, 10:04am

Do you tried this?

Topic		Replies	Views
Udp output not working Logstash	2	525	November 11, 2019
Logstash multiple output endpoints single event Logstash	2	777	April 12, 2017
Logstash send data to 2 elastic search clusters Logstash	1	258	March 17, 2022
Multiple ELK cluster output Logstash	5	759	May 6, 2019
With a small ES cluster that shares master duties, where do I send my Logstash output? Logstash	1	234	September 3, 2020