Show udp source port

Alex_Der · May 31, 2021, 5:03pm

I'm using Logstash to ingest the logs sent (via udp) by 5 different applications running on another machine.
Each aplication sends its log to Logstash from a different port (e.g. application_1 from port 1760, application_2 from port 1761 etc). Their source code can not be modified.
I would like to filter the logs via the source.port, but I don't understand how to make it visible in Logstash and ultimately in Kibana.
Is there a way to find out the source port of the received log?

My Logstash conf file looks like this

input {
  udp {
    port => 10514
    type => udp
  }
}

filter {
 grok {
    match => { "message" => "%{GREEDYDATA:log_message}\s"}
  }
}

output {
  elasticsearch { hosts => ["server_ip:9200"]
    user => "elastic"
    password => "pass"
    index => "log-%{+YYYY.MM.dd}"
    }
  stdout { codec => rubydebug }
}

Badger · May 31, 2021, 5:49pm

Not using the udp input that ships with logstash. The code pulls the IP address out of the inet_addr structure and adds that to the event, but does not do the same for the source port. You could trivially modify the input to do so and build it yourself.

system · June 28, 2021, 5:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filter by multiple source ports Logstash	3	93	June 14, 2024
Multiple data sources over same port Logstash	3	439	December 6, 2021
Is logstash taking packets? Logstash	10	377	June 5, 2018
Manage different type of logs with logstash Logstash	5	309	October 26, 2020
Logstash receive from multiple source & data analysis Logstash	18	2364	July 6, 2017

Show udp source port

Related Topics