Can we omit filter in this case?

Blason · November 5, 2017, 3:30pm

Hi Guys,

If I am accepting input over beats can I completely omit filter? I mean just input { beats port 5044} and then output {
elasticsearch {
hosts => [192.168.1.12"9200"]
}
}

warkolm · November 5, 2017, 8:42pm

What beat(s) are you using?

Blason · November 6, 2017, 2:26am

I am using filebeat & Packetbeats

warkolm · November 6, 2017, 2:31am

You can for packetbeat. Filebeat will depend on what format the source logs are in.

Blason · November 6, 2017, 10:16am

I see but are they not already parsing the logs before being sent?

warkolm · November 6, 2017, 9:34pm

No, filebeat does no parsing, it just ships.

Topic		Replies	Views
Parsing-log-files-with-filebeat-and-sending-them-to-elasticsearch Beats filebeat	1	10112	January 12, 2018
Use Logstash for filtering out "not importen data "and as output use Filebeat Logstash	2	343	January 17, 2020
Why do i need Logstash if filebeat can send data to Elasticsearch Beats filebeat	5	14857	January 10, 2017
Needs to drop audit beat data Logstash	1	217	August 25, 2022
Should we use filebeat include_lines to pre-filter messages before sent it to logstash? Beats filebeat	0	228	April 13, 2023

Can we omit filter in this case?

Related topics