Config for ingest pipeline from Filebeat

smerzlyakov · July 17, 2019, 5:27am

Hello. I have a problem with ingest pipeline best practicies.
I want to parse system logs by Filebeat pipeline, but do not use Filebeat, because we already collect these logs.
I do ./filebeat setup --pipelines for inserting pipeline in ELK.
Then i use such config, that support provide me. Is this a best way? I have some mapping errors, that's why i want to check config first. Pipeline name and all network adresses are correct, i check it. I have events, but have a mapping errors.

input {
  udp {
    port => 10002
    codec => line
    tags => ["linux_sys_secure"]
  }
}

filter {
  if "linux_secure" in [tags]{
    mutate {
      add_field => { "[@metadata][pipeline]" => "filebeat-7.2.0-system-syslog-pipeline" }
    }
  }
}

output {
  if "linux_secure" in [tags]{
    elasticsearch {
      pipeline => "%{[@metadata][pipeline]}"
      hosts => ["skynet-elk-1:9200"]
      index => 'filebeat-linux_sys_secure-11-%{+YYYY.MM.dd}'
    }
  }
}

system · August 14, 2019, 5:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch ingest pipelines not configured Beats filebeat	4	968	April 22, 2020
How to configure ingest pipeline with filebeat to send filtered data to elastic search Elasticsearch	1	286	March 29, 2021
Filebeat fails when I configure an ingest-pipeline on filebeat.yml Beats filebeat , ingest-pipeline	16	1687	December 25, 2021
Logstash is not creating ingest pipelines Logstash	3	457	July 13, 2021
Filebeat with customized config and ingest_pipeline Elastic Cloud on Kubernetes (ECK)	4	464	December 2, 2022

Config for ingest pipeline from Filebeat

Related topics