I'm using Logstash to ingest the logs sent (via UDP) by 5 different applications running on another machine.
Each application sends its log to Logstash from a different port (e.g. application_1 from port 1760, application_2 from port 1761, etc.). Their source code cannot be modified.
I would like to filter the logs via the source.port, but I don't understand how to make it visible in Logstash and ultimately in Kibana.
Is there a way to find out the source port of the received log?
My Logstash conf file looks like this:
input {
  udp {
    port => 10514
    type => udp
  }
}
filter {
  grok {
    match => { "message" => "%{GREEDYDATA:log_message}\s" }
  }
}
output {
  elasticsearch {
    hosts => ["server_ip:9200"]
    user => "elastic"
    password => "pass"
    index => "log-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}