Logstash Plugin for lookups via line based protocol

This is a plugin for Logstash.

It is fully free and fully open source. The license is MIT.

Documentation

This filter plugin does simple lookups for enrichment via a line based protocol. A query(1 line) is send via a socket and a response(1 line) is received and stored at the target field.

The query is dynamicly build and can use %{...} style variables

Configuration Options

Setting	Type	Required
query	string	yes
target	string	yes
socket_path	string	yes

Example config

filter {
 linelookup {
  query => "%{[source][ip]}"
  target => "[source][geo][name]"
  socket_path => "/var/run/lookup.sock"
 }
}

Name		Name	Last commit message	Last commit date
Latest commit History 5 Commits
lib/logstash/filters		lib/logstash/filters
.gitignore		.gitignore
CHANGELOG.md		CHANGELOG.md
Gemfile		Gemfile
LICENSE		LICENSE
README.md		README.md
Rakefile		Rakefile
logstash-filter-linelookup.gemspec		logstash-filter-linelookup.gemspec

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Logstash Plugin for lookups via line based protocol

Documentation

Configuration Options

Example config

About

Releases

Packages

Languages

License

securitym0nkey/logstash-filter-linelookup

Folders and files

Latest commit

History

Repository files navigation

Logstash Plugin for lookups via line based protocol

Documentation

Configuration Options

Example config

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages