Logstash forwarder question

Hi all, we at Coralogix are working on a logstash forwarder to our Log Analytics application.
Since we need the log data structured we need the user to do some pre-definitions.

The question is: will you as Logstash users be OK with an integration that requires you to do the following?

I would love to get your opinion since the ease of integration is very important to us, thanks!

  1. create "application" and "subsystem" fields in each logstash forwarder configuration file:
    "files": [
      {
        "paths": [
          ...
        ],
        "fields": {
          "type": "applicationlog",
          "application_name": "Middleware",
          "subsystem_name": "requests"
        }
      }
    ]

  2. create a grok filter and regexes to parse each log message for the following: timestamp, severity, category, class, method

  3. add the coralogix output plugin, with the private key as a parameter; no other config is needed here.

Since logstash-forwarder is deprecated in favor of Filebeat, I wouldn't be too happy about a software vendor requiring me to use LSF, but apart from that what you say makes sense on a high level.
