Hi all, we at Coralogix are working on a logstash forwarder to our Log Analytics application.
Since we need the log data structured we need the user to do some pre-definitions.
The question is: will you as Logstash users be OK with an integration that requires you to do the following?
I would love to get your opinion since the ease of integration is very important to us, thanks!
-
create "application" and "subsystem" fields in each logstash forwarder configuration file:
"files": [
{
"paths": [
...
],
"fields": { "type": "applicationlog",
"application_name": "Middleware",
"subsystem_name": "requests" }
} -
create grok filter and regexs to parse each log message for the following: timestamp, severity, category, class, method
-
add coralogix output plugin, with the private key as parameter, no other config needed here.