Logstash input plugin

This input plugin needs to be configured to bind to a TCP port, and can be constrained to bind to a particular interface by providing the IP to host.

Unless SSL is disabled, this plugin needs to be configured with identity material:

When communicating over SSL, this plugin can be configured to either request or require that connecting clients present their own identity claims with ssl_client_authentication.

Certificates that are presented by clients are validated by default using the system trust store to ensure that they are currently-valid and trusted, and that the client can prove possession of its associated private key. You can provide an alternate source of trust with:

You can also configure this plugin to require a specific username/password be provided by configuring username and password. Doing so requires connecting logstash-output plugin clients to provide matching username and password.

Specify which interface to listen on by providing its ip address. By default, this input listens on all available interfaces.

Password for password-based authentication. Requires username.

Specify which port to listen on.

Path to a PEM-encoded certificate or certificate chain with which to identify this plugin to connecting clients. The certificate SHOULD include identity claims about the ip address or hostname that clients use to establish a connection.

One or more PEM-encoded files defining certificate authorities for use in client authentication. This setting can be used to override the system trust store for verifying the SSL certificate presented by clients.

By default the server doesn’t do any client authentication. This means that connections from clients are private when SSL is enabled, but that this input will allow SSL connections from any client. If you wish to configure this plugin to reject connections from untrusted hosts, you will need to configure this plugin to authenticate clients, and may also need to configure its source of trust.

SSL is enabled by default, which requires configuring this plugin to present its identity.

You can disable SSL with +ssl_enabled => false+. When disabled, setting any ssl_* configuration causes configuration failure.

A path to a PEM-encoded encrypted PKCS8 SSL certificate key.

Password for the ssl_keystore_path

A path to a JKS- or PKCS12-formatted keystore with which to identify this plugin to Elasticsearch.

A password or passphrase of the ssl_key.

Username for password-based authentication. When this input plugin is configured with a username, it also requires a password, and any upstream logstash-output plugin must also be configured with a matching username/password pair.

Add a field to an event

Disable or enable metric logging for this specific plugin instance by default we record all the metrics we can, but you can disable metrics collection for a specific plugin.

Add a unique ID to the plugin configuration. If no ID is specified, Logstash will generate one. It is strongly recommended to set this ID in your configuration. This is particularly useful when you have two or more plugins of the same type, for example, if you have 2 logstash inputs. Adding a named ID in this case will help in monitoring Logstash when using the monitoring APIs.

input {
  logstash {
    id => "my_plugin_id"
  }
}

Add any number of arbitrary tags to your event.

This can help with processing later.

Add a type field to all events handled by this input.

Types are used mainly for filter activation.

The type is stored as part of the event itself, so you can also use the type to search for it in Kibana.

If you try to set a type on an event that already has one (for example when you send an event from a shipper to an indexer) then a new input will not override the existing type. A type set at the shipper stays with that event for its life even when sent to another Logstash server.