I have a source appliance (it is sealed to me, and not changeable) that can be configured to output its syslog data to a single receiver. I need to forward the raw syslog to Kibana so it can be searched and used by various teams. I also need to analyze the syslog data and produce metrics, so I want to use an aggregator in Telegraf that then outputs to an InfluxDB instance.
I haven’t found a way to configure an output plugin to skip the aggregators or processors. So I don’t think I can include both output plugins in the same instance of Telegraf.
Right now, the only way I can think to accomplish this is by running two instances of Telegraf:
1. Configure the appliance to send the syslog to the first Telegraf
2. Configure the first Telegraf to use the syslog input plugin
3. Configure the first Telegraf with two output plugins
   - 3.a. One to feed Kibana
   - 3.b. One to feed the other instance of Telegraf
4. The second instance of Telegraf would have an input plugin listening for the output of the first instance
5. The second Telegraf would run the ValueCounter plugin
6. The second Telegraf would have one output plugin configured to send the data to InfluxDB.
This seems unnecessarily complex; not to mention I haven’t figured out how to configure them as two independent services. I’d like to do this “the right way”, whatever way that may be.
Can someone either tell me how to fork a copy of the input to get a copy into Kibana, or verify my assumption that it can’t be done in a single instance of Telegraf?