
Logstash

Supported Platforms

Platform | Metrics | Logs | Traces
Linux
Windows
macOS

Directions & Caveats

For directions on use and caveats on configuring Logstash, see: Using Logstash with BindPlane OP

Configuration Table

| Parameter | Type | Default | Description |
| --- | --- | --- | --- |
| listen_port* | int | 2255 | Port to listen on. |
| listen_ip | string | "0.0.0.0" | IP Address to listen on. |
| log_type | string | logstash | Arbitrary value for the 'log_type' attribute. Useful for filtering between many logstash sources. |
| parse_format | enum | none | Method to use when parsing. Valid values are none, json, and regex. When regex is selected, 'Regex Pattern' must be set. |
| regex_pattern | string | | The regex pattern used when parsing log entries. |
| multiline_line_start_pattern | string | | Regex pattern that matches the beginning of a log entry, for handling multiline logs. |
| multiline_line_end_pattern | string | | Regex pattern that matches the end of a log entry, useful for terminating parsing of multiline logs. |
| parse_timestamp | bool | false | Whether to parse the timestamp from the log entry. |
| timestamp_field | string | timestamp | The field containing the timestamp in the log entry. |
| parse_timestamp_format | enum | ISO8601 | The format of the timestamp in the log entry. Choose a common format, or specify a custom format. Options include "ISO8601", "RFC3339", "Epoch", and "Manual". |
| epoch_timestamp_format | enum | s | The layout of the epoch-based timestamp. Required when parse_timestamp_format is set to "Epoch". Options include "s", "ms", "us", "ns", "s.ms", "s.us", "s.ns". |
| manual_timestamp_format | string | '%Y-%m-%dT%H:%M:%S.%f%z' | The strptime layout of the timestamp. Used when parse_timestamp_format is set to "Manual". |
| timezone | timezone | UTC | The timezone to use if the Timestamp Format doesn't include a timezone. Otherwise, the timezone in the Timestamp Format will be respected. NOTE: This is also required to parse timezone abbreviations, due to their ambiguity. |
| parse_severity | bool | false | Whether to parse severity from the log entry. |
| severity_field | string | severity | The field containing the severity in the log entry. |
| parse_to | string | body | The field that the log will be parsed to. Some exporters handle logs favorably when parsed to attributes over body and vice versa. |
| preserve_original | bool | false | When this option is set to true, the original event will be preserved under the attributes |
| enable_tls | bool | false | Whether or not to use TLS. |
| tls_certificate_path | string | | Path to the TLS cert to use for TLS-required connections. |
| tls_private_key_path | string | | Path to the TLS key to use for TLS-required connections. |
| tls_min_version | enum | "1.2" | The minimum TLS version to support. 1.0 and 1.1 should not be considered secure. Valid values include: 1.3, 1.2, 1.1, 1.0. |
*required field
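
The defaults above leave the listener on every interface (`listen_ip` "0.0.0.0") with `enable_tls` false, so a pre-deployment check on the parameters is worthwhile. The following is an added example, not Bindplane code: the plain-dict input and the `audit()` helper are assumptions, and only the parameter names, defaults and allowed values come from the table.

```python
# Added example: lint one Logstash source's parameters against the table above.
# The dict input and audit() are assumptions for illustration, not Bindplane code.
import ipaddress

# Defaults and allowed values copied from the configuration table.
DEFAULTS = {"listen_ip": "0.0.0.0", "parse_format": "none", "enable_tls": False,
            "tls_min_version": "1.2", "parse_timestamp": False,
            "parse_timestamp_format": "ISO8601", "epoch_timestamp_format": "s"}
EPOCH_LAYOUTS = {"s", "ms", "us", "ns", "s.ms", "s.us", "s.ns"}

def audit(params):
    """Return a list of (level, message) findings for one source's parameters."""
    p = {**DEFAULTS, **params}
    out = []
    port = p.get("listen_port")
    if port is None:
        out.append(("error", "listen_port is required"))
    elif not 1 <= int(port) <= 65535:
        out.append(("error", f"listen_port {port} is outside 1-65535"))
    # Cross-field rule from the table: regex parsing needs a pattern.
    if p["parse_format"] not in ("none", "json", "regex"):
        out.append(("error", f"parse_format {p['parse_format']!r} is not none, json or regex"))
    elif p["parse_format"] == "regex" and not p.get("regex_pattern"):
        out.append(("error", "parse_format is regex but regex_pattern is empty"))
    if (p["parse_timestamp"] and p["parse_timestamp_format"] == "Epoch"
            and p["epoch_timestamp_format"] not in EPOCH_LAYOUTS):
        out.append(("error", "epoch_timestamp_format is not a listed layout"))
    try:
        loopback = ipaddress.ip_address(p["listen_ip"]).is_loopback
    except ValueError:
        out.append(("error", f"listen_ip {p['listen_ip']!r} is not an IP address"))
        loopback = False
    if p["enable_tls"]:
        # A TLS listener needs both a certificate and its private key.
        for key in ("tls_certificate_path", "tls_private_key_path"):
            if not p.get(key):
                out.append(("error", f"enable_tls is true but {key} is empty"))
        if str(p["tls_min_version"]) in ("1.0", "1.1"):
            out.append(("warn", "tls_min_version below 1.2 should not be considered secure"))
    elif not loopback:
        out.append(("warn", "enable_tls is false on a non-loopback listen_ip: logs arrive in cleartext"))
    return out

if __name__ == "__main__":
    # Constructed sample: the table's defaults with only the required port set.
    for level, message in audit({"listen_port": 2255}):
        print(level, message)
```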