Logstash Input - beats and azureblob

charan.gandra · February 28, 2018, 2:14pm

Hi,

I am using Filebeat to send the log files from remote host to logstash and also trying to grab NSG flow logs from Azure using logstash plugin.

Here is my input.conf, how can I parse these two individual inputs separately and how do I index them as well? Can someone please give me an example. I wold like to index them separately based on the input.

input {
beats {
port => 5044
client_inactivity_timeout => 599
ssl => true
ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"
ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"
}
azureblob
{
storage_account_name => "mystorageaccount"
storage_access_key => "VGhpcyBpcyBhIGZha2Uga2V5Lg=="
container => "insights-logs-networksecuritygroupflowevent"
codec => "json"
file_head_bytes => 12
file_tail_bytes => 2
}

magnusbaeck · February 28, 2018, 2:23pm

Use tags or add_field for each input to update each event coming from that input. Then you can use conditionals in your filter and output sections to select which events should be sent where.

charan.gandra · February 28, 2018, 2:27pm

Thanks for the quick reply, do you have an example syntax?

Thanks

system · March 28, 2018, 2:27pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Beats not parsed Logstash	1	289	February 2, 2020
Logstash active exited using filebeat input Logstash	2	1872	July 6, 2017
Use logstash or filebeat for sending azure JSON logs? Beats filebeat	16	3669	March 29, 2017
[Logstash][Filebeat] multiple logstash pipeline with filebeat Logstash	3	1387	July 17, 2019
Why I can't get all log from filebeat to elasticsearch? Beats	4	621	April 11, 2018

Logstash Input - beats and azureblob

Related topics