Abstract: Logstash is a high-value tool for enriching your logs and extracting value from them, but sometimes you want something extra and are inspired to create a Logstash plugin. Creating plugins is not very difficult, but getting started can be a bit painful. In this talk, the speaker will show you how to get started very easily using a Docker image (see https://github.com/cameronkerrnz/logstash-plugin-dev). We’ll see how to write a Ruby plugin as well as the new pure-Java plugins, including unit and performance testing. As examples, the speaker will show logstash-filter-dnssummary (https://github.com/cameronkerrnz/logstash-filter-dnssummary), which summarises FQDNs to the level of the ‘site’, and, more excitingly, logstash-filter-mmdb (https://github.com/cameronkerrnz/logstash-filter-mmdb), which lets you enrich your IP addresses with their subnets/VLANs or whatever you like using a custom MMDB based on the data in your IP Address Management solution.
Speaker: Cameron Kerr, Group Leader, Innovation Portfolio, Systems Services, IT Infrastructure, Information Technology Services, University of Otago, New Zealand. Cameron’s effort is spent in modernising and standardising our approach to IT service delivery within IT Infrastructure, which includes on-premises services, network, datacentre, and beyond. As such, he is deeply interested in monitoring, testing, automation and architecture of IT services in an enterprise environment. Most at home in an Open Source landscape, Cameron routinely works with technologies such as Linux, Python, Ansible, Elasticsearch, Prometheus, Grafana, Docker and more.