It's not too clear in the filebeat syslog input documentation, but can filebeat output in RFC3164 or RFC5424 format (to file or to other remote syslog destination) or can it only write to JSON (Logstash/Elastic/local filesystem)?
Hi @sgreszcz 
Here you can read the outputs you can use https://www.elastic.co/guide/en/beats/filebeat/master/configuring-output.html
You can also use Elasticsearch output to do parsing and formatting https://www.elastic.co/guide/en/beats/filebeat/master/configuring-ingest-node.html but as far as I know there's no way to do it directly in the Filebeat.
Best regards
1 Like
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.