Could someone tell me what the difference is between the different azure module pipelines are? For example, I see:
filebeat-7.6.2-azure-activitylogs-pipleline
AND
filebeat-7.6.2-azure-activitylogs-azure-shared-pipeline
Not sure of what the use cases are for each of these? Thanks!
The azure Filebeat module consists of 3 filesets: activitylogs, auditlogs, and signinlogs. Each of them define their own ingest pipelines, e.g. filebeat-7.6.2-azure-activitylogs-pipeline, to perform processing specific to that fileset. However, internally, each of them also need to do some common processing that's not specific to that fileset. This common processing is defined in a shared pipeline. Because of the way Filebeat is currently implemented, you get 3 copies of the shared pipeline, one for each fileset, but their contents should all be the same.
In short, you can ignore the *-azure-shared-pipeline pipelines. They are for internal use by the other azure ingest pipelines.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.