On my second day of searching for a minimalist solution.
I can get syslog data directly into ES using filebeat but none of the syslog headers are getting parsed so it's kind of useless.
Do I need to use logstash for this job.
Using at home 5a at home an work lab if it matters.
FileBeat does not do any processing of log messages, so it often makes sense to send them to Logstash for processing and parsing. In Elasticsearch 5.0 we are however introducing the concept of an ingest node. This will be able to parse and process messages prior to indexing, and will therefore make it easier to connect FileBeat directly to Elasticsearch for some use cases.
Thanks Christian,
So it sounds like I would want to run an ingest instance on my syslog server which would tag up the syslog data in real time and also accept beats traffic from clients?
Trying to understand the deployment model ES.co is building.
WS Webserver
LH loghost (Runs syslog gateway, filebeat and ingest)
ES ES Cluster
WS (Apache filebeat) -> LH -> ES.
WS (syslog) -> LH -> ES
Router (syslog) -> (LH) -> ES
This topic was automatically closed after 21 days. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.