Hello,
I'm completely new and I'm evaluating some tool to implement my solution.
I'll use Beats as agent and when a new event come I'll send it to Logstash.
Can Logstash, based in the information receveid by Beats, enrich this data (querying a database to get more data for example) and then send it to Elasticsearch?
I really appreciate any help.
Thanks
Hi Ranieri,
Yes you can do lookup within a logstash pipeline using the Elasticsearch filter to query Elasticsearch and pull back values from documents that match the query and then enrich the original event with them. We do this to add customer specific data to syslog messages at indexing time.
https://www.elastic.co/guide/en/logstash/current/plugins-filters-elasticsearch.html
If you have a smaller set of lookup data you could use a translate filter with a dictionary lookup.
Regards
Mat
But can data be enrich with results from a database query or only be data already inside elastic search?
You will be able to do this with LS 5.3 and a new JDBC filter, which will be out soon.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.