Logstash json to kv output to syslog for splunkindex

I would like to get data from a database, add a few fields with built-in JSON to kv conversion, and push it to syslog/tcp of the Splunk indexer.

Is there any sample config you can guide me with?

  1. JSON to kv - any example?
  2. Add a few fields so that the Splunk indexer can recognize it - Done !!
  3. A sample to push it to syslog/tcp. > tcp works; any sample for syslog?

LSF is deprecated, you should be using beats instead :slight_smile:

Unless your question really is about logstash-forwarder (which is deprecated, as Mark says) I suggest you edit your post and move it to the Logstash category. Quick answers in the meantime:

  1. There's no such built-in conversion, but the json filter or codec can parse your JSON into fields and you can write a small piece of Ruby code in a ruby filter to convert those fields into key/value pairs.
  2. Use the add_field option of any filter.
  3. Use either the syslog or the tcp output.
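The "small piece of Ruby code" from answer 1, sketched as an added example that is not code from any poster in this thread: it flattens a parsed JSON object into one key=value line and quotes values so embedded spaces, `=` or newlines cannot split a record or forge extra fields at the indexer. The function names, the `sourcetype` value and the sample record are constructed; inside a Logstash ruby filter the same logic would be fed from `event.get` and written back with `event.set` (assumed wiring, not shown).

```ruby
require "json"

# Constructed sample record, standing in for one row read from the database.
SAMPLE = '{"user":"alice","action":"login failed","src":{"ip":"10.0.0.5","port":51515},' \
         '"note":"a\nseverity=low","tags":["db","auth"]}'

# Flatten nested objects and arrays into a single level: src.ip -> src_ip, tags[0] -> tags_0.
def flatten_fields(obj, prefix = nil, out = {})
  case obj
  when Hash
    obj.each do |k, v|
      # Keep keys to [A-Za-z0-9_] so a key can never contain a space or '='.
      safe = k.to_s.gsub(/[^A-Za-z0-9_]/, "_")
      flatten_fields(v, prefix ? "#{prefix}_#{safe}" : safe, out)
    end
  when Array
    obj.each_with_index { |v, i| flatten_fields(v, "#{prefix}_#{i}", out) }
  else
    out[prefix] = obj
  end
  out
end

# Render one value as a single token.
def kv_value(value)
  # Collapse CR/LF so one record always stays on one syslog line.
  s = value.to_s.gsub(/[\r\n]+/, " ")
  return s unless s.empty? || s =~ /[\s="\\]/
  # Quote and escape, so text such as 'severity=low' inside a value stays inside that value.
  '"' + s.gsub("\\") { "\\\\" }.gsub('"') { '\\"' } + '"'
end

# Parse a JSON object and return "k1=v1 k2=v2 ..." with the extra fields appended.
def json_to_kv(json_text, extra = {})
  doc = JSON.parse(json_text)
  raise ArgumentError, "expected a JSON object" unless doc.is_a?(Hash)
  flatten_fields(doc).merge(extra).map { |k, v| "#{k}=#{kv_value(v)}" }.join(" ")
end

puts json_to_kv(SAMPLE, "sourcetype" => "db_json") if __FILE__ == $0
```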