36 строки
1.1 KiB
Plaintext
36 строки
1.1 KiB
Plaintext
// Logstash configuration file to ingest files from AWS S3 buckets
|
|
// Last Updated Date: Aug 14, 2020
|
|
//
|
|
// Usage Instructions:
|
|
// Azure Log Analytics output plugin for Logstash:
|
|
// https://github.com/Azure/Azure-Sentinel/tree/master/DataConnectors/microsoft-logstash-output-azure-loganalytics
|
|
//
|
|
// Follow the wiki article for installation of logstash and plugin usage Instructions.
|
|
// https://github.com/Azure/Azure-Sentinel/wiki/Ingest-Custom-Logs-LogStash
|
|
//
|
|
// Parser Notes:
|
|
// Make sure the log type name is specified as alpha characters (letters only), no digits or special characters allowed.
|
|
//
|
|
input{
|
|
s3 {
|
|
access_key_id => "<AWS_ACCESS_KEY_ID>"
|
|
secret_access_key => "<AWS_SECRET_ACCESS_KEY>"
|
|
bucket => "<AWS_S3_BUCKET_NAME>"
|
|
codec => "json"
|
|
}
|
|
}
|
|
filter {
|
|
split {
|
|
field => "Records"
|
|
}
|
|
}
|
|
output {
|
|
microsoft-logstash-output-azure-loganalytics {
|
|
workspace_id => "<WORKSTATION_ID>"
|
|
workspace_key => "SHARED_KEY"
|
|
custom_log_table_name => "<LOGTYPENAME>"
|
|
plugin_flush_interval => 5
|
|
}
|
|
# for debug
|
|
stdout { codec => rubydebug }
|
|
} |