An operator is the most basic unit of log processing. Each operator fulfills a single responsibility, such as reading lines from a file, or parsing JSON from a field. Operators are then chained together in a pipeline to achieve a desired result.
For instance, a user may read lines from a file using the file_input operator. From there, the results of this operation may be sent to a regex_parser operator that creates fields based on a regex pattern. Finally, these results may be sent to an elastic_output operator that writes each line to Elasticsearch.
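The three-operator chain just described, written out as a pipeline configuration. This is an added example, not a configuration from the page; the parameter names used for each operator (include, start_at, regex, timestamp, severity, parse_from, layout_type, layout, addresses) and the log line format are assumptions to be checked against each operator's own reference.

```yaml
# Assumed log line format (constructed for this example):
#   2024-03-01T12:34:56.789Z WARN disk usage above 90% on /var
pipeline:
  # Read new lines appended to the application's log files.
  - type: file_input
    include:
      - /var/log/myapp/*.log
    start_at: end

  # Split each line into fields with named capture groups, then promote
  # the timestamp and severity fields to entry metadata so downstream
  # operators and the backend can filter on them.
  - type: regex_parser
    regex: '^(?P<timestamp>\S+) (?P<severity>[A-Z]+) (?P<message>.*)$'
    timestamp:
      parse_from: timestamp
      layout_type: gotime
      layout: '2006-01-02T15:04:05.000Z'
    severity:
      parse_from: severity

  # Write every parsed entry to Elasticsearch. Use a TLS endpoint and
  # per-collector credentials in practice rather than a plain local URL.
  - type: elastic_output
    addresses:
      - http://localhost:9200
```

Each operator's output becomes the next operator's input, so a line that does not match the regex is passed on without the parsed fields (or dropped, depending on the parser's error handling) and never reaches Elasticsearch with a timestamp or severity set.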
Inputs:
- file_input
- generate_input
- journald_input
- k8s_event_input
- stdin
- syslog_input
- tcp_input
- udp_input
- windows_eventlog_input
Parsers:
- csv_parser
- json_parser
- regex_parser
- syslog_parser
- severity_parser
- time_parser
- trace_parser
- uri_parser
Outputs:
General purpose:
Or create your own plugins for a technology-specific use case.