Is it possible that filebeat will recieve logs as syslog and will output them to logstash as json so i won't need to parse each kind of log?
thanks
Asked
Active
Viewed 1,892 times
1 Answers
0
Filebeat reads log files, it does not receive syslog streams and it does not parse logs.
Logstash however, can receive syslog using the syslog input if you log format is RFC3164 compliant. Otherwise, you can do what I assume you are already doing and sending to a UDP input.
Will Barnwell
- 4,049
- 21
- 34
-
hey, thank you for your answer Today i'm using grok to pharse the syslog so i will be able to view them properly in Kibana but the problem with that is that i have many kind of logs and managing the parsing is not sutable. so i thought if there is a sulotion for that case so i will send syslog as it is and it will automatically convert itself to json – sarit Apr 18 '17 at 09:02
-
You should look into http://stackoverflow.com/questions/28450501/multiple-patterns-in-one-log – Will Barnwell Apr 19 '17 at 13:52
-
thanks but it will not solve the problem im looking for something more gereric so if in some point we will have new pattern, i won't need to do anything – sarit Apr 20 '17 at 14:10
-
There's no magic, its very possible that you can write a better regex that handles more of your use cases, but the way that something would be "automatically converted to json" is if it was able to be parsed along an expected, regular pattern i.e. matched by a regular expression. – Will Barnwell Apr 21 '17 at 15:24
-
Also if your logs follow any sort of convention or are for a commonly used application, somebody has probably already written a grok pattern, or it might even exist in core logstash – Will Barnwell Apr 21 '17 at 15:25