Multiple resources on conf

Sunflower · January 4, 2021, 10:52am

Hi,

I have multiple resources that I want to configure to send Syslog to Logstash and then send it to S3.
I'd appreciate hearing your thoughts regarding the two following options:

Multiple resources on the input, each resource would be configured with a unique port and would receive a unique type.
One resource on the input and then add different tags on the filter, using the grok plugin. I should dig into this matter.

Thank you.

ylasri · January 5, 2021, 1:59am

Multiple inputs with same port will not be possible, every input is runned as separate thread and request to binf on that port
Yes this is possible if the ressource is provided with the tag at the source

Sunflower · January 4, 2021, 10:58am

Hi
Thank you for your super quick reply.
Let me clarify the first option, I though of configuring multiple inputs, each one will have a different port and also I'd be able to add a type for each one of them and work on them separately in the filter. am I right?
Is this option is better or the second one?

Thank you

ylasri · January 4, 2021, 11:04am

Yes if you configure multiple inputs, each one will bind a specific tcp/udp port will better for large scale, but again you need to configure each source of a group of sources to send to a specific port depending on the volume you have

Sunflower · January 4, 2021, 11:15am

Got it, I think that would work for me.
One more question regarding the second option, in case all the resources would send the logs using the same port, I would have to add tags to distinguish between the different resources, am I right?

ylasri · January 4, 2021, 11:22am

Only at the source level

Sunflower · January 4, 2021, 11:40am

Thank you for your help