Hi all
I am new in ELK ,I tried setup 6.2 ELK infrastructure.
I used filebeat with apache module to send parsed apache log directly to ES and all was working fine.
But I need to do some changes in event ( timestamp change) and I decided use logstash for event manipulation and after change send event to logstash, but when I changed output to logstash from elasticsearch the apache module stop parsing data from event and I didn`t recieved fields: apache2.access.*.
What am I doing wrong?
Is it possible to send apache log parsed data to different output than elasticsearch?
I tried change output to file, but stored event are without apache2.access.* fields too.
Thx
Rudo