Preprocessing logs with logstash and kafka

I want to know if there are blacklisted ip address that contact my web services in real-time.
Every day I download a blacklist of ip address and I want to add this information to my logs.
My idea is to pre-process logs and next to send logs to elasticsearch with this steps:

blacklistedip.txt--->Logstash--->Kafka--->Logstash--->Elasticsearch
Webserviceslogs--->Logstash-------^

Have you a better idea?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.