How to send logs to multiple UDP destination using logstash from elasticsearch

Vedagiri_Balaji · June 29, 2021, 7:40am

Hi ,
Currently we sending logs to a UDP destination, we intend send the same logs to multiple UDP destination ( logs are read from elasticsearch )

udp {
id => "udp_exporter"
codec => plain {
format => "%{message}"
}
host => "10.10.10.10.1"
port => 522
}

When i tried to use "host => "10.10.10.1, 10.10.10.2" it didn't work, it was sending logs to only first destination.

Regards,
Balaji

pcosic · June 29, 2021, 8:15am

Hi,

I think this is your solution Multiple elasticsearch clusters for output
So in your case try to add just another UDP output plugin

Vedagiri_Balaji · June 29, 2021, 10:01am

But my destination is not elasticsearch cluster, it is an external SIEM device.

pcosic · June 29, 2021, 10:04am

Do you tried this?

system · July 27, 2021, 10:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash multiple output endpoints single event Logstash	2	746	April 12, 2017
Logstash syslog UDP output Logstash	1	573	November 5, 2019
How to send syslog to multiple destinations? Logstash	1	487	March 5, 2021
Using two input plugins ( beats and udp ) and output it to Elasticsearch Logstash	6	1952	August 4, 2017
Sending logstash data to multiple elastic instances/clusters Logstash	12	12348	July 6, 2017