Show udp source port

Alex_Der · May 31, 2021, 5:03pm

I'm using Logstash to ingest the logs sent (via udp) by 5 different applications running on another machine.
Each aplication sends its log to Logstash from a different port (e.g. application_1 from port 1760, application_2 from port 1761 etc). Their source code can not be modified.
I would like to filter the logs via the source.port, but I don't understand how to make it visible in Logstash and ultimately in Kibana.
Is there a way to find out the source port of the received log?

My Logstash conf file looks like this

input {
  udp {
    port => 10514
    type => udp
  }
}

filter {
 grok {
    match => { "message" => "%{GREEDYDATA:log_message}\s"}
  }
}

output {
  elasticsearch { hosts => ["server_ip:9200"]
    user => "elastic"
    password => "pass"
    index => "log-%{+YYYY.MM.dd}"
    }
  stdout { codec => rubydebug }
}

Badger · May 31, 2021, 5:49pm

Not using the udp input that ships with logstash. The code pulls the IP address out of the inet_addr structure and adds that to the event, but does not do the same for the source port. You could trivially modify the input to do so and build it yourself.

system · June 28, 2021, 5:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash fails get logs from UDP Logstash	2	1474	July 6, 2017
Logstash UDP plugin Logstash	12	997	November 22, 2017
Logstash - Multiple Log Sources 'Syslog' Logstash	3	1916	July 6, 2017
Where do I assign Logstash a port? Logstash	2	644	July 6, 2017
Multiple data sources over same port Logstash	3	455	December 6, 2021

Show udp source port

Related topics