articles/sentinel/connect-logstash-data-connection-rules.md
5 additions & 3 deletions
@@ -81,7 +81,7 @@ The Microsoft Sentinel output plugin for Logstash sends JSON-formatted data to y
81
81
82
82
The Microsoft Sentinel output plugin is available in the Logstash collection.
83
83
84
-
- Follow the instructions in the Logstash [Working with plugins](https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html) document to install the **[microsoft-logstash-output-azure-loganalytics](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/microsoft-sentinel-logstash-output-plugin)** plugin.
84
+
- Follow the instructions in the Logstash [Working with plugins](https://www.elastic.co/guide/en/logstash/current/working-with-plugins.html) document to install the **[microsoft-sentinel-logstash-output-plugin](https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/microsoft-sentinel-logstash-output-plugin)** plugin.
85
85
- If your Logstash system does not have Internet access, follow the instructions in the Logstash [Offline Plugin Management](https://www.elastic.co/guide/en/logstash/current/offline-plugins.html) document to prepare and use an offline plugin pack. (This will require you to build another Logstash system with Internet access.)
86
86
87
87
### Create a sample file
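Review bot: in the install bullet, the new link text `microsoft-sentinel-logstash-output-plugin` now matches the directory name in the link target, but the bullet still only points at the generic "Working with plugins" page and never shows the name as the reader has to type it. Put the plugin name in code formatting so it can be copied exactly, and consider repeating it in the offline-pack bullet, which names no plugin at all.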
@@ -390,12 +390,13 @@ After you retrieve the required values:
390
390
391
391
#### Optional configuration
392
392
393
-
|Field |How to retrieve |Default value |
393
+
|Field |Description |Default value |
394
394
|---------|---------|---------|
395
395
|`key_names` |An array of strings. Provide this field if you want to send a subset of the columns to Log Analytics. |None (field is empty) |
396
396
|`plugin_flush_interval` |Defines the maximal time difference (in seconds) between sending two messages to Log Analytics. |`5` |
397
397
|`retransmission_time` |Sets the amount of time in seconds for retransmitting messages once sending failed. |`10` |
398
398
|`compress_data` |When this field is `True`, the event data is compressed before using the API. Recommended for high throughput pipelines. |`False` |
399
+
|`proxy` |Specify which proxy URL to use for all API calls. |None (field is empty) |
399
400
400
401
#### Example: Output plugin configuration section
401
402
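Review bot: the new `proxy` row says only "Specify which proxy URL to use for all API calls", which leaves the accepted form open: the scheme, whether a port is required, and whether credentials may be embedded in the URL. State the expected format in the Description cell, and if authenticated proxies are supported, say how the credentials should be supplied so they do not end up in clear text in the pipeline file. It would also help to say whether "all API calls" covers token acquisition as well as the data upload.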
@@ -410,6 +411,7 @@ output {
410
411
dcr_stream_name => "<enteryourstreamnamehere> "
411
412
create_sample_file=> false
412
413
sample_file_path => "c:\\temp"
414
+
proxy => "http://proxy.example.com"
413
415
}
414
416
}
415
417
```
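Review bot: `proxy => "http://proxy.example.com"` is added to the example as if it were a required setting, while the table above lists `proxy` under optional configuration with an empty default. Someone who copies the block and fills in only the `<...>` placeholders will leave the plugin pointed at a placeholder host. Mark the line as optional, or use the same angle-bracket placeholder style as `dcr_stream_name`; the sample value also carries no port, and the table does not say whether that is accepted.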
@@ -451,4 +453,4 @@ If you are not seeing any data in this log file, generate and send some events l
451
453
452
454
In this article, you learned how to use Logstash to connect external data sources to Microsoft Sentinel. To learn more about Microsoft Sentinel, see the following articles:
453
455
- Learn how to [get visibility into your data and potential threats](get-visibility.md).
454
-
- Get started detecting threats with Microsoft Sentinel, using [built-in](detect-threats-built-in.md) or [custom](detect-threats-custom.md) rules.
456
+
- Get started detecting threats with Microsoft Sentinel, using [built-in](detect-threats-built-in.md) or [custom](detect-threats-custom.md) rules.
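Review bot: the removed and added "Get started detecting threats" lines are identical as displayed, so this looks like a trailing-whitespace or end-of-file newline change. It is unrelated to documenting `proxy`; either drop it from this commit or mention it in the commit message so the diff does not suggest a content change here.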