Show udp source port

I'm using Logstash to ingest the logs sent (via udp) by 5 different applications running on another machine.
Each aplication sends its log to Logstash from a different port (e.g. application_1 from port 1760, application_2 from port 1761 etc). Their source code can not be modified.
I would like to filter the logs via the source.port, but I don't understand how to make it visible in Logstash and ultimately in Kibana.
Is there a way to find out the source port of the received log?

My Logstash conf file looks like this

input {
  udp {
    port => 10514
    type => udp

filter {
 grok {
    match => { "message" => "%{GREEDYDATA:log_message}\s"}

output {
  elasticsearch { hosts => ["server_ip:9200"]
    user => "elastic"
    password => "pass"
    index => "log-%{+YYYY.MM.dd}"
  stdout { codec => rubydebug }

Not using the udp input that ships with logstash. The code pulls the IP address out of the inet_addr structure and adds that to the event, but does not do the same for the source port. You could trivially modify the input to do so and build it yourself.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.