Hi,
In the docs it says that for topology mapping to work elasticsearch must be enabled as an output. In most circumstances users will need to send logs via logstash for sanitisation.
So, will it not be that enabling elasticsearch as an output, to enable this feature, leads to duplication entries in elasticsearch?
Regards,
David
Topology is a feature related to packetbeat where most people connect directly to elasticsearch. The topology option only makes sense for Packetbeat.
I see, it's described in the documentation for filebeat and is described in filebeat.yml. Thanks for clarifying 
That's an unfortunate side effect of using shared config options across the Beats (the doc content comes from a shared file). 
I can't remove the description from the Filebeat doc, but I will make sure that the limitation is clearly stated wherever the topology is discussed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.