Due to some regulator requirements we have to backup log files from our applications. I am lookin to having filebeat ship the logs to logstash and was hoping logstash would write out the logfiles to the server so we can then back them up.
Is that possible and I am just missing the setup magic?
You can do that with a file output, e.g. like this:
file {
path => "/path/to/logfile.log"
codec => plain {
format => "%{message}"
}
}
Depending on the kind of processing you're doing in your filters you may have to use a clone filter to split each input event in two, one that isn't filtered and just reaches your file output and one with the usual set of filters.
The path to the output file can be set dynamically so that you can write to a file named like the original logfile (prefixed by the hostname e.g.). See https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.