Logstash newb, a bit baffled. Connecting a log4j2 application to logstash

I have an application that uses log4j2 to output its log files.

I am trying to figure out a "correct", out-of-the-box way to get these logs into logstash.

I see there is a log4j input plugin, however it does not support log4j2.
I see there is a log4j2 community plugin, however, it doesn't work past version 2.x

sudo bin/logstash-plugin install logstash-input-log4j2
Validating logstash-input-log4j2

Installing logstash-input-log4j2
Plugin version conflict, aborting
ERROR: Installation Aborted, message: Bundler could not find compatible versions for gem "logstash-core":
  In snapshot (Gemfile.lock):
logstash-core (= 5.2.2)

  In Gemfile:
logstash-core-plugin-api (>= 0) java depends on
  logstash-core (= 5.2.2) java

logstash-input-log4j2 (>= 0) java depends on
  logstash-core (< 2.0.0, >= 1.4.0) java

logstash-core (>= 0) java

Running `bundle update` will rebuild your snapshot from scratch, using only
the gems in your Gemfile, which may resolve the conflict.
Bundler could not find compatible versions for gem "logstash":
  In Gemfile:
logstash-input-log4j2 (>= 0) java depends on
  logstash (< 2.0.0, >= 1.4.0) java
Could not find gem 'logstash (< 2.0.0, >= 1.4.0) java', which is required by gem 'logstash-input-log4j2 (>= 0) java', in any of the sources.

I also see that logstash ITSELF utilizes log4j2 on the backend, which makes me think, is there some other way to use these two together besides a specifically tailored log4j2 plugin? Maybe using logstash to stream the log file directly off disk or something like that? Or using the websocket plugin? I'm trying to find a solution that works to connect the two in an elegant way.


I found quite a simple solution through trial and error. Posting it here in case somebody new to logstash wants an out-of-the-box solution beyond messing around with 3rd party log4j input plugins. The trick is to simply use the "Socket" type appender on the log4j2 side:

<Socket name="myAppenderName" host="my.logstash.server" port="xxxx"> </Socket>

Then on the logstash side, use the TCP input plugin. From there you should be able to use the standard filters and output plugins.

input {
  stdin { }
  tcp {
    # same port as the Socket appender above
    port => xxxx
  }
}

I haven't done anything super sophisticated with it beyond that, but I've been able to grok some custom logs into Elasticsearch fields.
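
A fuller version of the setup described in the answer above, added here as an illustration and not part of the original post: a Socket appender with an explicit layout, and a TCP input with a grok filter that matches it. Port 5000, the PatternLayout pattern, the appender name, the field names and the stdout output are assumptions chosen for the example.

```logstash
# Matching log4j2 appender (log4j2.xml), kept in comments so this file stays
# a valid pipeline. Port and pattern are constructed for this example:
#
#   <Socket name="logstash" host="my.logstash.server" port="5000" protocol="TCP">
#     <PatternLayout pattern="%d{ISO8601} %-5p [%t] %c - %m%n"/>
#   </Socket>
#
# With an explicit PatternLayout each event leaves the application as one
# text line in the shape the grok pattern below expects.
# Plain TCP as in the post: events cross the network unencrypted and the
# port accepts any sender that can reach it.

input {
  tcp {
    port  => 5000        # must equal the appender's port
    codec => line        # one event per newline-terminated line
    type  => "log4j2"
  }
}

filter {
  if [type] == "log4j2" {
    grok {
      # Constructed sample line:
      # 2017-03-10T14:05:12,345 INFO  [main] com.example.App - started
      match => {
        "message" => "^%{TIMESTAMP_ISO8601:log_timestamp}\s+%{LOGLEVEL:level}\s+\[%{DATA:thread}\]\s+%{NOTSPACE:logger}\s+-\s+%{GREEDYDATA:log_message}$"
      }
      # Stack-trace lines and any message containing a newline arrive as
      # separate events and are tagged _grokparsefailure, so they stay
      # visible instead of being parsed into misleading fields.
    }
    date {
      # Use the application's timestamp, not the arrival time, as @timestamp.
      match => ["log_timestamp", "yyyy-MM-dd'T'HH:mm:ss,SSS"]
    }
  }
}

output {
  # Inspect the parsed fields first; swap for the elasticsearch output later.
  stdout { codec => rubydebug }
}
```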
