Filtering Events with Logstash

We've added the hosts that couldn't use an agent to our Logstash environment. We've also deployed the Filebeat beat on all of our other hosts. Our project is back on track and we can start to look at some new log sources to get into Logstash. Looking at our project plan we've got four key log sources we need to tackle next:

  • Apache server logs
  • Postfix server logs
  • Java application logs
  • A custom log format for an in-house application

Let's look at each type of log source and see how we might go about getting them into Logstash. So far we've put log sources directly into Logstash without manipulating them in any way. It meant we got the message and some small amount of metadata about it (largely its source characteristics) ...

Get The Logstash Book now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.