Syslog output plugin send rate limit

Hi all,

We are using logstash as part of our logging infrastructure and a prefilter to our SIEM system. The last step for this is to send events from logstash to the SIEM using syslog.

To leverage the buffering capabilities from logstash and smooth out bursts against our SIEM events per second license, I would like to implement some rate limiting in the syslog output plugin. Something like "Only send 5000 events per second through this output".

Is there any way to do this? I'm aware of the throttling plugin, but from my understanding of the plugin that's not what I'm looking for.

Any ideas/suggestions?

Best regards,
Sebastian
