Can we use datastreams with Filebeat?659+

willemdh · December 27, 2020, 6:26pm

Hello,

So "Can we use datastreams with Filebeat?" And more importantly, can we mix multiple inputs, where some use legacy ilm and some use datastreams? This is in a test 7.10.1 setup without Logstash.

For example untill now I had these 2 log inputs:

filebeat.inputs:
- type: log
  paths: C:\Windows\System32\LogFiles\Firewall\*.log
  pipeline: filebeat-windows-firewall
  fields_under_root: true
  fields.service.name: "Windows Firewall"
  
- type: syslog
  protocol.udp:
    max_message_size: 25KiB
    host: "192.168.1.102:10514"
  pipeline: filebeat-pfsense

I'd love to migrate my pfsense to a datastream, and leave the Windows Firewall logs as they are.

logs-netgate.pfsense-default should be the name of the datastream. Should I try use a conditional on output.elasticsearch.index? Should I set _index in the new pipeline? Or what is the recommended way to start migrating to datastreams?

Grtz

Willem

system · January 24, 2021, 8:26pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat UDP input problem setting up on Windows Beats filebeat	3	732	October 21, 2019
Filebeat Netflow Input to Logstash Elastiflow Pipeline Beats filebeat	1	453	May 19, 2020
Beats protocol input option Beats filebeat	1	210	August 26, 2019
Grabbing UDP data stream with Beats? Beats filebeat	2	347	September 26, 2020
Filebeat - Datastreams? Beats filebeat	2	1311	November 22, 2021

Can we use datastreams with Filebeat?659+

Related topics