Logstash pull data from Event Hub And output to several LogAnalytics

omrip · January 5, 2020, 5:10pm

Hi,
i am trying to send data from 2 pipelines inputs of Eventhub and forward the data to 2Log Analytics instances.
there are 2 configuration file to read data from each event hub.
the output of the data is send to 2 Log analytics each.
Event hub 1 ----->data is send to Main LA and to EventHub1-LA instance
Event hub 2 ----->data is send to Main LA and to EventHub2-LA instance
i do not want the L>A
when ruuning the pipe line the data is mixed and being sent to to all an different LA analytics instances .

here are the conf. files:

input {
azure_event_hubs {
event_hub_connections => ["Endpoint=<this is Event hub 1"]
threads => 3
decorate_events => true
consumer_group => "$Default"

}
}
filter {
if "beats_input_codec_plain_applied" in [tags] {
mutate {
remove_tag => ["beats_input_codec_plain_applied"]
}
}

output {
azure_loganalytics {
customer_id => "main Log Analytics"
shared_key => xxxxxxxxxx
log_type => "Syslog"
time_generated_field => "iso8610timestamp"
key_names => ['cloud','message','winlog','instance','agent','host','tags']
key_types => {'cloud'=>'string' 'message'=>'string' 'winlog'=>'string' 'instance'=>'string' 'tags'=>'string' agent=>'string' host=>'string'}
flush_items => 10
flush_interval_time => 5
}

    azure_loganalytics {
    customer_id => "resource group of event hub 1 "
    shared_key => "xxxxxxxxxx"
    log_type => "Syslog"
    time_generated_field => "iso8610timestamp"
    key_names => ['cloud','message','instance','winlog','agent','host','tags']
    key_types => {'cloud'=>'string' 'message'=>'string' 'winlog'=>'string' 'instance'=>'string' 'tags'=>'string' agent=>'string' host=>'string'}
     flush_items => 10
    flush_interval_time => 5

}
}

input {
azure_event_hubs {
event_hub_connections => ["Endpoint=this is event Hub 2"]
threads => 3
decorate_events => true
consumer_group => "$Default"

}
}
filter {
if "beats_input_codec_plain_applied" in [tags] {
mutate {
remove_tag => ["beats_input_codec_plain_applied"]
}
}

output {
azure_loganalytics {
customer_id => "this is the main Azure Log Analytics"
shared_key => "xxxxxxxxxx"
log_type => "Syslog"
time_generated_field => "iso8610timestamp"
key_names => ['cloud','message','winlog','instance','agent','host','tags']
key_types => {'cloud'=>'string' 'message'=>'string' 'winlog'=>'string' 'instance'=>'string' 'tags'=>'string' agent=>'string' host=>'string'}
flush_items => 10
flush_interval_time => 5
}

 azure_loganalytics {
	customer_id => "this is resource group 2"
	shared_key => "xxxxxxxxxxxx"
	log_type => "Syslog"
	time_generated_field => "iso8610timestamp"
	key_names => ['cloud','message','instance','winlog','agent','host','tags']
	key_types => {'cloud'=>'string' 'message'=>'string' 'winlog'=>'string' 'instance'=>'string' 'tags'=>'string' agent=>'string' host=>'string'}
	flush_items => 10
	flush_interval_time => 5

}
}

system · February 2, 2020, 5:10pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.