Sending the data using Logstash
Logstash is an open source tool for collecting, parsing and storing logs for future use. It ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite repository (in this case, Devo).
Logstash is used to read data from multiple data sources and send it:
- directly to Devo
- using an In-house Relay through port 13000 (already tagged events). In this case, the relay securely forwards the data to Devo, so there is no need to include the certificates in the Logstash configuration file.
These are some of the data sources that Logstash can read:
- Any DB through JDBC
- Any web site through HTTP
- Windows Event Logs
- Cloud services like Amazon S3, Twitter, Salesforce, etc.
- Other protocols like TCP, UDP, XMPP, IMAP, etc.
DOWNLOAD & UNZIP → CONFIGURATION FILE → EXECUTE
Download and install Logstash
Download Logstash from the Logstash web page. Once downloaded, decompress the file.
Now install the syslog output plugin:
bin/logstash-plugin install logstash-output-syslog
For more details on installing Logstash, refer to the Logstash installation documentation.
Create and set up the configuration file
The Logstash configuration file must be created and should contain three sections:
- Input - Identifies the input data streams including files, HTTP, SQL, and so on.
- Filter - This section is optional. Here you specify the filter plugins used to process the data before it is sent.
- Output - Identifies the destination system. When sending directly to Devo, and not through a relay, this section will reference the authentication certificates.
Check the Configuration file examples article for more details.
To start Logstash, run the following command in the Logstash path:
./bin/logstash -f <configuration file>
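As an added example that is not part of this documentation or of the Devo project, the following pipeline file shows the three sections described above, sending already-tagged events to an In-house Relay on port 13000 and, commented out, the direct-to-Devo output that references the certificates. The file path, relay host, Devo endpoint, tag and certificate paths are placeholders, and carrying the Devo tag in the syslog appname field is an assumption about what the relay expects.

```conf
# Added example pipeline (not from the Devo documentation).
# Reads a local application log and forwards each line as a syslog
# message. Placeholder values are marked as such.

input {
  file {
    path => "/var/log/myapp/app.log"   # placeholder path
    start_position => "beginning"      # read existing content on first run
  }
}

filter {
  # Optional: drop blank lines so they are not forwarded.
  if [message] =~ /^\s*$/ {
    drop { }
  }
}

output {
  # Path 1: In-house Relay on port 13000 (events already tagged).
  # The relay adds TLS towards Devo, so no certificates are configured here.
  syslog {
    host     => "relay.example.internal"    # placeholder relay address
    port     => 13000
    protocol => "tcp"
    rfc      => "rfc3164"
    appname  => "my.app.logstash.example"   # assumed: Devo tag in the syslog tag field
    message  => "%{message}"
  }

  # Path 2 (alternative): send directly to Devo over TLS; here the
  # output section references the authentication certificates.
  # syslog {
  #   host       => "DEVO_ENDPOINT_PLACEHOLDER"
  #   port       => 443                       # placeholder port
  #   protocol   => "ssl-tcp"
  #   ssl_cert   => "/etc/devo/certs/domain.crt"  # placeholder paths
  #   ssl_key    => "/etc/devo/certs/domain.key"
  #   ssl_cacert => "/etc/devo/certs/chain.crt"
  #   rfc        => "rfc3164"
  #   appname    => "my.app.logstash.example"
  #   message    => "%{message}"
  # }
}
```

Validate the file before starting the pipeline with `./bin/logstash -f <configuration file> --config.test_and_exit`, which checks syntax and plugin options without sending anything.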