Hi all, is it possible to send module's data directy to logstash, but prospector data to logstash indexer?
If you want to send to multiple outputs, you need to start multiple Filebeat instances.
What do you mean by "module's data" and "prospector data"? Could you give me an example?
Example:
I activate the module "system,apache2,nginx" this data should go directly to elasticsearch because of the given mappings, fields, dashboards and so on.
The I have an application called "bla" where there is no module available.
I want to create a prospector for this logs in 'var/log/bla/*.log", send them to logstash and grok them there
Got it. Thanks for the clarification.
As I said above, unfortunately, right now sending to multiple outputs is not supported. So you need two instances of Filebeat. The configuration of the first one includes the module config and the output is Elasticsearch. The second config includes the prospector config and Logstash output.
Ok thnaks for the info.
Seems it ends up with using modules and send them to logstash too, to filter them there, like it is done at
https://www.elastic.co/guide/en/logstash/current/logstash-config-for-filebeat-modules.html
But defining different outputs should be a feature in future...
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.