Logstash comes with a large and vibrant plugin eco-system. This includes a number of plugins that are often used to enrich events with additional information, especially for network or security related data feeds. It is however not always easy to decide which plugins are most appropriate for a specific use-case.
Guy Boertje and Christian Dahlqvist present use-cases, best practices and practical tips for these plugins, that will allow you to add a number of useful plugins to your Logstash plugin toolbelt.
- Flexible enrichment using the translate plugin
- Adding data from relational databases and Elasticsearch
- Enriching network data