Hello
As stated in the documentation log4j input plugin for logstash is deprecated (security reasons) and log4j2 input plugin (community) is quite not maintained...
The official recommendation for migration is to use filebeat.
For my use case (and probably not only mine) this is quite a setback:
log4j/log4j2 with MDC (mapped diag. context) and NDC (nested diag. context) which are used to pass additional information in the log event, beside the message and class context...
Currently log4j input plugin recognizes and automatically adds the MDC/NDC to the event in logstash, without any coding or specification
To partially do the same with beats, i will need to add %X{name} for every MDC entry to the log pattern, then parse that entry to a field in LS...
For the NDS its simpler, only %x once that can be simply parsed
My problem is that MDC is not a constant set, it can have lots of different key/value
Use a Log4j layout or whatever they're called that dumps the whole log record to JSON. Log4j 2 appears to include one and I'd expect it to support inclusion of MDC and NDC.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.