Hello,
I am trying to understand if we have to use field or tag in filebeat prospectors. What are the use cases of using fields and tags? When should we use fields over tags? Is there any performance impact on elasticsearch on using tags over fields or vice versa?
Thanks
Phaniraj
it depends on your use case. I doubt there is a noticeable performance impact on using one or the other.
Fields are more flexible and better suited to embed custom information. They are the way to go if you want to process this data at a later stage (logstash or input pipeline).
Tags are simpler and meant to label the events, for filtering or aggregation.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.