Sending logs from on-prem logstash to hosted enterprise logstash

Hi guys,

I'm just reaching out for someone to point me in the right direction with a relatively simple query I have.

We have an hosted ELK stack and I am in the process of building a logstash instance in our on-prem VM estate to act as a log relay, particularly for syslogs from network devices. The config for the input side of things is clear, but the output and how to secure the connection isn't quite. I am assuming Lumberjack is the way to go for the output side of things? Please correct me if there is a better way.

What I want to do is receive syslogs and output them directly into our hosted ELK stack without storing anything locally. I have tested my input with the following and it is working ok:

#udp syslogs stream via 5514
input {  
  udp {
    type => "syslog"
    port => 5514

output {
  stdout {}

RE the output I plan on generating and self-signing a cert on the on-prem logstash instance, but beyond that, I have the following questions:

  • How do I send the cert up to the cloud ELK stack and where do I select it for use on the cloud end?
  • What host(s) would I specify in the lumberjack output and where could I find this? Is it just the "" hostname assigned to us?
  • What port would I use? Where is this configured on the cloud end?

Sorry if these questions seem a bit basic, but I've done a lot of searching and haven't found the answers out there and it has been a long time since I've done anything with ELK, and that was all on-prem so I didn't have these issues.

Thanks in advance for any help, it is greatly appreciated! :slight_smile:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.