Ingest Custom Logs LogStash
ashwin-patil edited this page Aug 12, 2020 · 8 revisions
Follow the Official Installing Logstash instructions.
- Install Java:

  ```sh
  sudo apt-get install default-jre
  ```

- Download and install the Elastic public signing key (on newer Debian/Ubuntu releases `apt-key` is deprecated; the official instructions show the current way to add the key and the Elastic APT repository):

  ```sh
  wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
  ```

- Once the Elastic APT repository has been added, run `sudo apt-get update` and install Logstash:

  ```sh
  sudo apt-get update && sudo apt-get install logstash
  ```

- Follow the installation instructions in the Azure Sentinel GitHub DataConnectors for microsoft-logstash-output-azure-loganalytics:

  ```sh
  bin/plugin install microsoft-logstash-output-azure-loganalytics
  # or, on newer versions of Logstash
  bin/logstash-plugin install microsoft-logstash-output-azure-loganalytics
  ```
Check the example configuration file below. You can find more configuration examples in the Azure Sentinel Community GitHub under parsers. `customer_id` is the Log Analytics workspace ID and `shared_key` is the workspace primary or secondary key; that key authorizes writes to the workspace, so restrict read access to the config file and prefer the Logstash keystore or environment-variable substitution over a literal key checked into source control.

```
output {
  microsoft-logstash-output-azure-loganalytics {
    customer_id => "<OMS WORKSPACE ID>"            # Log Analytics workspace ID
    shared_key => "<CLIENT AUTH KEY>"              # workspace primary/secondary key (a credential)
    log_type => "<LOG TYPE NAME>"                  # records land in the <LOG TYPE NAME>_CL custom table
    key_names => ['key1','key2','key3']            # list of key names (event fields) to send
    key_types => {'key1'=>'string' 'key2'=>'double' 'key3'=>'boolean'}  # type of each key
    flush_items => <FLUSH_ITEMS_NUM>               # send a batch after this many records
    flush_interval_time => <FLUSH INTERVAL TIME(sec)>  # or after this many seconds
  }
}
```

Run Logstash with the configuration file (Logstash's `--config.test_and_exit` option checks the file's syntax without starting the pipeline):

```sh
bin/logstash -f config-file.conf
```
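What the plugin's `customer_id` and `shared_key` are used for, as an added example that is not part of this wiki page or of the plugin's own code: the Log Analytics HTTP Data Collector API authenticates every POST with an HMAC-SHA256 signature, keyed with the workspace key, over the method, body length, content type, date and resource path. The key in the Logstash config is therefore a write credential for the workspace, and a signature is bound to one body length and one date. The workspace ID, key and log records below are constructed placeholders; the signing scheme, header names, URL and Log-Type rules are those documented for the Data Collector API.

```python
import base64
import datetime
import email.utils
import hashlib
import hmac
import json
import re

# Fixed by the HTTP Data Collector API: the signed resource path and content type.
API_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"
CONTENT_TYPE = "application/json"

# Constructed sample values for the demo; neither is a real workspace ID or key.
WORKSPACE_ID = "00000000-1111-2222-3333-444444444444"
SHARED_KEY = base64.b64encode(b"constructed dummy key, not a real workspace key").decode()


def string_to_sign(method, content_length, content_type, rfc1123_date, resource):
    """Canonical string the API signs: method, body length, content type, date and path."""
    return f"{method}\n{content_length}\n{content_type}\nx-ms-date:{rfc1123_date}\n{resource}"


def build_signature(customer_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type=CONTENT_TYPE, resource=API_RESOURCE):
    """HMAC-SHA256 over the canonical string, keyed with the base64-decoded workspace key."""
    key = base64.b64decode(shared_key)
    message = string_to_sign(method, content_length, content_type, rfc1123_date, resource)
    digest = hmac.new(key, message.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {customer_id}:{base64.b64encode(digest).decode()}"


def valid_log_type(log_type):
    """Log-Type may contain only letters, digits and underscore, at most 100 characters."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type) is not None


def build_request(customer_id, shared_key, log_type, records, rfc1123_date=None):
    """Return (url, headers, body) for one batch of records; send it with any HTTP client."""
    if not valid_log_type(log_type):
        raise ValueError(f"invalid Log-Type {log_type!r}")
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = email.utils.format_datetime(now, usegmt=True)
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": build_signature(customer_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }
    url = f"https://{customer_id}.ods.opinsights.azure.com{API_RESOURCE}?api-version={API_VERSION}"
    return url, headers, body


def verify_signature(customer_id, shared_key, rfc1123_date, content_length, authorization):
    """Server-side view of the check: recompute the signature and compare in constant time.
    A different date or body length (hence a different body) makes verification fail."""
    expected = build_signature(customer_id, shared_key, rfc1123_date, content_length)
    return hmac.compare_digest(expected, authorization)


if __name__ == "__main__":
    # Constructed sample records, shaped like fields a Logstash event would carry.
    sample = [{"host": "web01", "severity": 3, "message": "login failed for user bob"}]
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY, "MyCustom", sample)
    print(url)
    print(headers["Authorization"])
```

Because only the workspace ID and key are needed to produce a valid signature, anyone who can read the Logstash config file can write arbitrary records into the workspace; rotating the key invalidates every copy of it at once.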
If you are looking for an ARM template for scalable syslog CEF collection using Logstash, refer to the DataConnector for more instructions.