Beats to Logstash?

SteveP · September 20, 2019, 11:55pm

If I am taking in data from Beats do I need to go through Logstash to Elasticsearch or can I go directly to Elasticsearch and then visualize it in Kibana? I am bit confused as to how Logstash fits into Beats.

YuWatanabe · September 21, 2019, 12:03am

You could do both .

(a) beats => logstash (beats input) => elasticsearch
(b) beats => elasticsearch

In my opinion,

If you need to parse fields from your data, I think (a) is more flexible. However, you will have extra software in your pipeline though.

For (b) , you need ingest pipeline which you will construct using json syntax. If the pipeline become complex, you will have hard time creating it.

SteveP · September 21, 2019, 1:34am

Right now I am intaking syslog, but I can see this growing if it works well.

system · October 19, 2019, 3:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Beats to Elasticsearch or Beats to Logstash? Which is best practice Beats filebeat	3	471	April 10, 2018
Beats via Logstash and Elasticsearch Beats	3	445	September 5, 2018
Conflicted about Beats, Logstash and ES Beats	3	521	August 3, 2016
Beats require setup with elasticsearch as the output before using logstash as the output Logstash	1	194	March 4, 2021
Elastic Stack shipped dashboards for Kibana Beats	5	863	February 8, 2017

Beats to Logstash?

Related topics