Re: [Internet] [graylog2] Logstash to Graylog via GELF AMQP

[cazy]

Hi Mathieu,

I just tried it out. This works perfectly! Thank you!

On Monday, November 28, 2016 at 3:33:28 PM UTC+1, Mathieu Grzybek wrote:
>
> Hi,
>
> You need to add some filters to create a GELF message :
>
> filter {
>     mutate {
>         join                    => { "tags" => ", " }
>         add_field            => { "version" => "1.1" }
>         remove_field    => [ "@version", "@timestamp", "type" ]
>     }
> }
>
> output {
>     rabbitmq {
>         host    => "{{ host_ip }}"
>         port    => 5672
>
>         user    => "{{ logstash_user }}"
>         password    => "{{ logstash_pass }}"
>
>         vhost    => "{{ logstash_vhost }}"
>         exchange    => "{{ logstash_exchange }}"
>         exchange_type    => topic
>         durable    => true
>
>         codec => json 
>     }
> }
>
> Then, depending on your messages you can add some filtering rules or some 
> Graylog extractors.
>
> Mathieu
>
> On 11/28/16 13:27, cazy wrote:
>
> Hello everyone,
>
> we are trying to set up a log transport via GELF AMQP. At some stage of 
> the transport pipeline, there is Logstash, which should forward messages to 
> an AMQP broker such as RabbitMQ. Eventually, Graylog should receive 
> messages from the AMQP queues.
>
> "GELF AMQP" can be defined as Graylog input. However, there is only an 
> output plugin "rabbitmq" for Logstash; to my knowledge, it does not send 
> messages in the GELF format (like the GELF output plugin).
>
> So, is there a straightforward way to combine GELF with AMQP output? If 
> not, are there alternatives to achieve the same, e.g. with Kafka? Because 
> of architetural considerations, we need queueing at the log sources. And we 
> need GELF to retain meta information of log messages.
> -- 
> You received this message because you are subscribed to the Google Groups 
> "Graylog Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an 
> email to graylog2+u...@googlegroups.com <javascript:>.
> To view this discussion on the web visit 
> https://groups.google.com/d/msgid/graylog2/5ea90446-4f8b-4cc0-954b-a2983f4149b6%40googlegroups.com
>  
> <https://groups.google.com/d/msgid/graylog2/5ea90446-4f8b-4cc0-954b-a2983f4149b6%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
>
> -- 
> Le capitaine Mathieu GRZYBEK
> COMSOPGN / STIG / BCQ
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/10e05b28-985e-43ce-af2b-bc5d3af532de%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.