Can you forward logs going into Elasticsearch to a third party?

I have a single instance of Elasticsearch and Kibana, and I am getting the data into it via agents and Filebeat.

Is there a way to "forward" the data that is ingested into Elasticsearch to another device or instance?

It depends on how you are sending logs to Elasticsearch.

Elasticsearch itself does not send logs anywhere, but some tools, like Logstash, have the option to send the logs to multiple destinations.

Elastic Agent and Filebeat cannot do that, they can only have a single output.

Another option is to use a tool, Logstash for example, to consume the data in Elasticsearch and send it somewhere else.

1 Like

leandrojmp, thank you for the reply.

So I am sending the logs to Elasticsearch via agents and Beats; I don't mind how I forward them on.

By your response I assume it would be using Logstash to complete this. Do you know the configuration of a Logstash instance to forward all information ingested into Elasticsearch to a separate IP address?

This Logstash instance is on the same VM as the Elasticsearch instance.

Any help is greatly appreciated.

If you have data already available in Elasticsearch, you can use the Elasticsearch input plugin in a Logstash pipeline to read data from Elasticsearch and use the http output plugin in Logstash to send it to the destination. Here are some useful links for the Logstash plugins.
Elasticsearch input plugin: Elasticsearch input plugin | Logstash Reference [8.8] | Elastic
Http output plugin: Http output plugin | Logstash Reference [8.8] | Elastic
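
A pipeline along the lines of the answer above, as an added example that is not taken from any of the posts. The index pattern, user name, certificate path, destination URL and the two secret names are assumptions to replace with your own values, and the TLS option names follow recent plugin releases (older releases of the input plugin use `ssl` and `ca_file` instead).

```logstash
# Added example: read documents from the local Elasticsearch and POST them to a third party.
# All hosts, paths, names and the URL below are placeholders (assumptions).
input {
  elasticsearch {
    hosts    => ["https://localhost:9200"]
    index    => "filebeat-*"                      # assumed index pattern
    # Each run selects the previous full minute, so runs do not overlap.
    query    => '{ "query": { "range": { "@timestamp": { "gte": "now-1m/m", "lt": "now/m" } } } }'
    schedule => "* * * * *"                       # cron syntax: run every minute
    # Use an account that can only read the indices being forwarded.
    user     => "forwarder_ro"
    password => "${ES_FORWARDER_PWD}"             # resolved from the Logstash keystore or environment
    ssl_enabled => true
    ssl_certificate_authorities => ["/etc/logstash/certs/ca.crt"]
  }
}

output {
  http {
    url         => "https://third-party.example/ingest"   # HTTPS so logs are not sent in clear text
    http_method => "post"
    format      => "json"
    headers     => { "Authorization" => "Bearer ${THIRD_PARTY_TOKEN}" }
  }
}
```

Because the query selects on `@timestamp`, events that are indexed more than a minute after their own timestamp fall outside the window and are not forwarded; widen the range or track progress another way if late-arriving data matters.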
