Use json and plain text beats from filebeat to output to syslog configured in logstash

Arjun_kochhar · December 1, 2020, 10:13am

Hi, Very new to logstash and have a use case that I want to achieve. I have two different filebeat instances that write to same logstash instance. filebeat instance 1 sends json output and also sets field as json, while other filebeat instance 2 sends plain text and sets field as plain. I have the logstash instance configured to listen to them and writes it out to syslog server:

input {
  beats {
    port => 5044
  }
}

filter{
  mutate{
    add_field => ["timestamp", "%{@timestamp}"]
  }
}

output {
  syslog {
    host => "100.100.100.100"
    port => 514
    protocol => "tcp"
    ssl_verify => "false"
    rfc => "rfc5424"
  }
}

But if I understand it correctly, the default codec used for syslog output is plain. What is the recommended approach here to handle the json beats being received from filebeat instance 1?

system · December 29, 2020, 10:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
JSON and syslog in LogStash — how to handle them both? Logstash	2	2263	July 6, 2017
Can Filebeat send plain text instead of JSON Beats filebeat	2	2024	December 1, 2017
How to take beats inputs in multiple codecs in logstash Logstash	8	4076	July 6, 2017
Can I use both json and plain logs in a common filebeat input? Logstash	4	2763	July 6, 2017
Json vs plaintext output Logstash	2	1882	October 13, 2017

Use json and plain text beats from filebeat to output to syslog configured in logstash

Related topics