Archive raw logs and also output filtered logs

hazzaap123 · March 20, 2018, 1:31pm

Hi,
I'm trying to set up a pipeline that takes log input from Filebeat, outputs the raw logs to Amazon S3, AND filters the logs to then store in elastic. Is there currently a way to configure the s3 output plugin to only output the raw message, whilst still outputting filtered message to elastic?

For a workaround, my next thought was to have two filebeat prospectors running at the same location, with each prospector assigning different tags. Then I could split upon the tag to decide which gets filtered and sent to elastic, and which gets outputted to s3. However, there seems to be issues with running multiple prospectors at the same file, so this is likely not feasible.

Any advice on my situation would be very much appreciated!

magnusbaeck · March 20, 2018, 7:52pm

Use a clone filter to split each input event in two. Process the copy as you like and send it to ES and route the original events to your s3 output.

system · April 17, 2018, 7:52pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filtered and unfiltered outputs Logstash	3	421	August 15, 2018
Sending data to multiple outputs with different parsing , we are using s3 input plugin Logstash	2	115	March 30, 2024
Logstash Output Issue Logstash	3	301	May 4, 2023
Logstash: Can not output to elasticsearch when using s3 input plugin Logstash	1	434	July 31, 2018
Filebeat lotstash output and 'exported fields' Beats filebeat	4	1790	March 16, 2018

Archive raw logs and also output filtered logs

Related Topics