Reference: Conflicted about Beats, Logstash and ES
Lets say I pipe a few Beats (in a remote DC) through Logstash, and a few beats direct to ES, can I send them to the same index? Wondering if Logstash would change the events significantly, that I have to use different indexes.
I would also like to use the canned dashboards... hopefully as they are.
If you simply route the events through Logstash and follow the recommendations in our documentation for installing the index template and naming your indices then things should work fine.
If you do any processing inside of Logstash just be mindful not to change the data types of existing fields and I think you'll be fine.
Thanks @andrewkroh! Almost there... but for these 2 issues:
I fixed for both by updating the visualization and changing the template. But I'd like to understand what I could have done wrong. I'm not doing any filtering - just in/out.
What I'm actually doing is: Beats --> Logstash --> Logstash --> Elasticsearch
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.