@Tek_Chand all of the modules inside Filebeat relies on the ingest node which is an Elasticsearch feature to do the transformation on the original data. When you start Filebeat with a module we automatically configure the remote ingest pipeline for the transformation.
When you add Logstash between Filebeat and Elasticsearch you are losing capabilities that you have to either do one of the following:
- If you don't need Logstash just keep Filebeat -> Elasticsearch
- Convert the ingest pipeline found in the ingest directory into a Logstash pipeline manually or using the migration tool.
- Configure the elasticsearch output with condition on your data to send the data to to the ingest pipeline.
It's still a bit more involved to add Logstash in the middle and we aim to provide a better path in the future.