								# Input section
								#
								# One HTTP listener receives events for this pipeline.
								input {
								  http {
								    # Plugin instance id, as it appears in Logstash logs and monitoring.
								    id                => "tpot"
								    # Binds to every interface on port 64305.
								    # NOTE(review): no TLS or authentication option is set in this block,
								    # so any client that can reach the port can submit events. Confirm that
								    # a reverse proxy, firewall rule or container network limits access.
								    host              => "0.0.0.0"
								    port              => "64305"
								    # ECS field naming is switched off for this input.
								    ecs_compatibility => disabled
								  }
								}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							
							
								# Output section
								#
								# Events are written to Elasticsearch; a syslog forwarder is kept below
								# as a commented-out example.
								output {
								  elasticsearch {
								    # NOTE(review): no credentials or TLS options are set in this block;
								    # presumably the cluster is reachable only on a private network. Confirm.
								    hosts              => ["elasticsearch:9200"]
								    # Index templates are now legacy, so the daily index and its template
								    # are set explicitly here. Otherwise a new index could be created with
								    # different settings configured through Kibana.
								    index              => "logstash-%{+YYYY.MM.dd}"
								    template           => "/etc/logstash/tpot-template.json"
								    # Replace a template that already exists in Elasticsearch with the file above.
								    template_overwrite => "true"
								  }
								  # Syslog Output Example
								  # NOTE(review): as written, this example forwards over plain TCP, so
								  # events would cross the network unencrypted. Check transport protection
								  # before enabling it.
								  # syslog {
								  #   host => "192.168.1.1"
								  #   port => 514
								  #   protocol => tcp
								  #   appname => "logstash-logs"
								  #   severity => "6"
								  # }
								}