In my opinion it’s much better using a lightweight log shipper like socat to ship logs to Logstash. This way you can save yourself from running a Java process on the source host where your logs are. You can specify UDP as your Logstash input. The benefit of UDP is that nothing is negatively impacted […]
What I noticed with logstash version 1.1.5 and even 1.1.1, is that when using the UDP input type in logstash, each line of input is not split into a separate event. The multiline filter expects each line of input to be a separate event, otherwise it won’t work properly. Therefore, before using the multiline filter, […]
If you enjoyed the post, make sure you subscribe to the RSS feed.
© 2024
Powered by WordPress. Design by 
