Hello. I'm trying to forward syslog messages to my ES cluster and, at the same time, to an external server via UDP output. But for the UDP output I don't want to change the message contents. For example, Logstash currently inserts a timestamp field and removes the facility:
input message:
USER.LOCAL
2019-10-08T14:49:46Z HOST storageRM[5591140]: KB-IT-Store, 0
output message:
2019-10-08T14:50:57.228Z X.X.X.X. <13>2019-10-08T14:50:57Z HOST storageRM[5591140]: KB-IT-Store, 0
Logstash config:
input {
  udp {
    port => 1514
    type => syslog
    id => "syslog_udp"
  }
}
output {
  if [type] == "syslog" {
    pipeline {
      send_to => syslog_pipe
    }
    udp {
      host => "10.x.x.x"
      port => "514"
      codec => "plain"
    }
  }
}
How can I do that?
Thanks!
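
An added example, not part of the original post: the same pipeline with the UDP output's codec given an explicit `format`, so that only the received `message` field is written to the wire. It assumes no filter in this pipeline rewrites `[message]`; the host, ports and pipeline name are the ones from the post.

```logstash
input {
  udp {
    port => 1514
    type => syslog
    id   => "syslog_udp"
  }
}

output {
  if [type] == "syslog" {
    # Elasticsearch path: unchanged from the post.
    pipeline {
      send_to => syslog_pipe
    }

    # Before: codec => "plain" with no format renders the event as
    # "%{@timestamp} %{host} %{message}", which is the Logstash timestamp
    # and sender address seen at the start of the output message above.
    #
    # After: emit only [message], the payload the udp input stored, so
    # the datagram sent on is the received text (including the <PRI> value).
    udp {
      host  => "10.x.x.x"   # placeholder address, as in the post
      port  => 514
      codec => plain { format => "%{message}" }
    }
  }
}
```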