Hi Guys,
If I am accepting input over beats can I completely omit filter? I mean just input { beats port 5044} and then output {
elasticsearch {
hosts => [192.168.1.12"9200"]
}
}
What beat(s) are you using?
I am using filebeat & Packetbeats
You can for packetbeat. Filebeat will depend on what format the source logs are in.
I see but are they not already parsing the logs before being sent?
No, filebeat does no parsing, it just ships.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.