Use json and plain text beats from filebeat to output to syslog configured in logstash

Arjun_kochhar · December 1, 2020, 10:13am

Hi, Very new to logstash and have a use case that I want to achieve. I have two different filebeat instances that write to same logstash instance. filebeat instance 1 sends json output and also sets field as json, while other filebeat instance 2 sends plain text and sets field as plain. I have the logstash instance configured to listen to them and writes it out to syslog server:

input {
  beats {
    port => 5044
  }
}

filter{
  mutate{
    add_field => ["timestamp", "%{@timestamp}"]
  }
}

output {
  syslog {
    host => "100.100.100.100"
    port => 514
    protocol => "tcp"
    ssl_verify => "false"
    rfc => "rfc5424"
  }
}

But if I understand it correctly, the default codec used for syslog output is plain. What is the recommended approach here to handle the json beats being received from filebeat instance 1?

system · December 29, 2020, 10:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Getting filebeat to process JSON logs from osquery Beats	5	5781	July 26, 2016
Can I use both json and plain logs in a common filebeat input? Logstash	4	2731	July 6, 2017
JSON and syslog in LogStash — how to handle them both? Logstash	2	2224	July 6, 2017
FileBeat 1.3.1 sends logs containing json to logstash 2.4 Beats filebeat	1	295	April 13, 2019
Parse json with filebeat and send to logstash Beats filebeat	1	221	May 3, 2022

Use json and plain text beats from filebeat to output to syslog configured in logstash

Related topics