articles/sentinel/connect-logstash-data-connection-rules.md
5 additions & 5 deletions
@@ -14,7 +14,7 @@ ms.author: lwainstein
14
14
15
15
Microsoft Sentinel's new Logstash output plugin supports pipeline transformations and advanced configuration via Data Collection Rules (DCRs). The plugin forwards any type of logs from external data sources into custom or standard tables in Log Analytics or Microsoft Sentinel.
16
16
17
-
In this article, you learn how to set up the new Logstash plugin to stream the data into Log Analytics using DCRs, with full control over the output schema. Learn how to **[deploy the plugin](#deploy-the-microsoft-sentinel-log-analytics-output-plugin-in-logstash)**.
17
+
In this article, you learn how to set up the new Logstash plugin to stream the data into Log Analytics or Microsoft Sentinel using DCRs, with full control over the output schema. Learn how to **[deploy the plugin](#deploy-the-microsoft-sentinel-output-plugin-in-logstash)**.
18
18
19
19
> [!NOTE]
20
20
> A [previous version of the Logstash plugin](connect-logstash.md) allows you to connect data sources through Logstash via the Data Collection API.
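Review bot: The new fragment on the added line, `#deploy-the-microsoft-sentinel-output-plugin-in-logstash`, matches the `## Deploy the Microsoft Sentinel output plugin in Logstash` heading shown as context in the next hunk, so this link is fine, but the old fragment `#deploy-the-microsoft-sentinel-log-analytics-output-plugin-in-logstash` may still be referenced elsewhere. Please search the other Sentinel articles (for example the `connect-logstash.md` page linked in the note below) for the old fragment and update any hits in the same change.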
@@ -49,7 +49,7 @@ The Logstash engine is comprised of three components:
49
49
50
50
The Microsoft Sentinel output plugin for Logstash sends JSON-formatted data to your Log Analytics workspace, using the Log Analytics Log Ingestion API. The data is ingested into custom logs or standard table.
51
51
52
-
- Learn more about the [Logs ingestion API](../azure-monitor/logs/logs-ingestion-api-overview).
52
+
- Learn more about the [Logs ingestion API](../azure-monitor/logs/logs-ingestion-api-overview.md).
53
53
54
54
## Deploy the Microsoft Sentinel output plugin in Logstash
55
55
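Review bot: The unchanged sentence just above the fixed link names the service "Log Analytics Log Ingestion API" while the link text on the added line calls it "Logs ingestion API"; pick one name and use it in both places. While touching this paragraph, "custom logs or standard table" in the same context line should also read "custom logs or standard tables" to agree with the introduction.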
@@ -122,7 +122,7 @@ input {
122
122
The plugin writes ten records to a sample file named `sampleFile<epoch seconds>.json` in the configured path. For example: *c:\temp\sampleFile1648453501.json*.
123
123
Here is part of a sample file that the plugin creates:
124
124
125
-
```
125
+
```json
126
126
[
127
127
{
128
128
"host": "logstashMachine",
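Review bot: On the changed fence line, the `json` tag is only an improvement if the block body is valid JSON, and the lead-in describes it as "part of a sample file". Please confirm the excerpt closes its array and objects and is trimmed at whole records rather than cut off with an ellipsis or mid-object, otherwise the highlighter may render it with error markup.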
@@ -174,7 +174,7 @@ In this scenario, you configure the Logstash input plugin to send syslog events
174
174
175
175
The plugin writes ten records to a sample file named `sampleFile<epoch seconds>.json` in the configured path. For example: *c:\temp\sampleFile1648453501.json*.
176
176
Here is part of a sample file that the plugin creates:
177
-
```
177
+
```json
178
178
[
179
179
{
180
180
"logsource": "logstashMachine",
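Review bot: The unchanged sentence above the changed fence says the plugin writes ten records to `sampleFile<epoch seconds>.json` in the configured path, and the excerpt shows those records carry host identifiers such as `logsource`, yet nothing visible here tells the reader what to do with the files afterwards. Consider adding a sentence advising readers to delete the sample files, or keep the configured path access-restricted, once they are no longer needed; the same sentence appears in the earlier scenario, so one shared note would cover both.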
@@ -252,7 +252,7 @@ Note that:
252
252
- The `dataflows` property transforms the input to the Syslog table format, and sets the `outputStream` to `Microsoft-Syslog`.