Skip to content

Syslog Udp Output

Use the UDP bolt to send traffic towards a UDP server. The UDP bolts is configured just like the syslog (tcp) bolt. However it has a much simpler configuration because it does not support any acknowledgement option, nor SSL.

Info

it makes no sense to use a UDP bolt with multi-group or load-balancing strategies. These relies on TCP connection closing to switchover from one peer to another. However the syslog bolt does support multi-stream configuration, should you need to direct logs received on one incoming stream to a given UDP destination.

Here is an example configuration:

{
    "type" : "syslog_udp_bolt",
    "component" : "syslog_udp_spout",
    "settings" : {
         "destination" : [
           {
               "host" : "target.ip.address",
               "port" : 9999,
           }
         ]
     },
      "subscribe" : [ 
           { 
             "component" : "the.spout.or.bolt.you.subscribe.from", 
             "stream" : "logs", 
             "grouping": "localOrShuffle" 
           } 
         ]
     }
 }

Per stream destinations are also supported, refer to Per Stream Destinations.