logstash - Possible to specify two different codecs in lumberjack? -


i have put elk stack, having trouble regarding logstash configuration in /etc/logstash/conf.d have 2 input sources being forwarded 1 linux server, has logstash forwarder installed on "files" looking like:

{       "paths": ["/var/log/syslog","/var/log/auth.log"],       "fields": { "type": "syslog" }     },     {        "paths": ["/var/log/osquery/osqueryd.results.log"],       "fields": { "type": "osquery_json" }  }

as can see, 1 input osquery output (json formatted), , other syslog. current config logstash osquery.conf:

input {   lumberjack {     port => 5003     ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"     ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"     codec => "json"   } }  filter {    if [type] == "osquery_json" {       date {         match => [ "unixtime", "unix" ]       }    } }  output {   elasticsearch { host => localhost }   stdout { codec => rubydebug } }

which works fine 1 input source, not know how add other syslog input source same config, "codec" field in input -- can't change syslog...

i planning on adding input source in windows log format not being forwarded logstash forwarder. there anyway structure differently?

it's better remove codec input if going handling different codecs on same input:

input {   lumberjack {     port => 5003     ssl_certificate => "/etc/pki/tls/certs/logstash-forwarder.crt"     ssl_key => "/etc/pki/tls/private/logstash-forwarder.key"   } }  filter {    if [type] == "osquery_json" {       json {         source => "field_name_the_json_encoded_data_is_stored_in"       }       date {         match => [ "unixtime", "unix" ]       }    }    if [type] == "syslog" {     } }  output {   elasticsearch { host => localhost }   stdout { codec => rubydebug } }

then need decide want syslog messages.

i suggest splitting config multiple files. tend to use 01-filename.conf - 10-filename.conf inputs, 11-29 filters , above outputs. these files loaded in logstash in order printed in ls.


Comments

Post a Comment

Popular posts from this blog

java - Spring Data JPA: Why findOne(id) executing delete query internally? -

i have 1 application using @manytomany annotation link 2 different entities 1 parent entity. not sure if have implemented properly. when execute .findone() on parent entity's repository find it, @ first fetch data along executing delete queries internally delete record mapping table (a table jpa creates after adding @manytomany annotation.). following generated sql queries , code snippet: java class @entity @table(name = "inventory") public class inventory { @id long id; // many other properties @manytomany(fetch=fetchtype.lazy) private list<stream> streams; @manytomany(fetch=fetchtype.lazy) private list<subject> subjects; } there no other annotation i've put in stream , subject entity class link inventory class. when run app, create following tables: inventory stream subject inventory_stream inventory_subject (inventory_stream , inventory_subject, 2 tables created automatically, don't k...
Read more

python - Mongodb How to add addtional information when aggregating? -

i beginner , wrote line pipeline works, wanna add other information output, screen name , or number of tweets.i tried add under $group gave me syntax error everytime here pipeline: def make_pipeline(): # complete aggregation pipeline pipeline = [ { '$match': { "user.statuses_count": {"$gt":99 }, "user.time_zone": "brasilia" } }, { "$group": { "_id": "$user.id", "followers": { "$max": "$user.followers_count" } } }, { "$sort": { "followers": -1 } }, { "$limit" : 1 } ]; i using on example : { "_id" : objectid("5304e2e3cc9e684aa98bef97"), "text" : "first week of school on :p", "in_reply_to_status_id" : null, "retweet_count" : null, ...
Read more

java - Incorrect order of records in M-M relationship in hibernate -

Image
i have 4 records in bridge table in mysql database. using @manytomany in hibernate, accurate order of employees incorrect incorrect of projects. following required material figure out doing mistake. this source. @entity @table(name="project") public class projectbean { @id @generatedvalue @column(name="project_id") private int projectid; @column(name="title") private string projecttitle; @manytomany(mappedby="projects") private collection<employeebean> employees; public projectbean() { employees = new arraylist<employeebean>(); } //getters & setters } @entity @table(name="employee") public class employeebean { @id @generatedvalue @column(name="employee_id") private int employee_id; @column(name="first_name") private string ...
Read more