Filebeat to Elasticsearch grok example

rkk · April 28, 2020, 2:08pm

Hi,

I would like to send log files using filebeat directly to elasticsearch but lines in log file are in custom string format and I would like preprocess those lines using grok or something?

I cannot seem to find any example, how to configure filebeat.yml to use regex, grok to send log files directly to elasticsearch; is out there any example?

My log file lines look like:

[28-Apr-2020 14:01:58 +0000]: <nht5271m> Successful login for username1 (ID: 1) from 111.222.333.444 in session nht5271mokfeqd1i

Kind regards,

Rok

kvch · April 28, 2020, 3:35pm

Have you tried the Elasticsearch module of Filebeat? https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-module-elasticsearch.html

Alternatively, you could use the dissect processor to parse the event: https://www.elastic.co/guide/en/beats/filebeat/current/dissect.html

system · May 26, 2020, 3:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Parsing logback log files with filebeat and sending them to Elasticsearch Beats	15	26161	July 5, 2017
I have installed File beat 7.17.3 version on a Windows server, it is not getting the logs to the ELK Server Elasticsearch	2	210	August 11, 2022
Parsing logs filebeat Beats filebeat	4	762	June 2, 2021
Filebeat logs are not being send to logstash Beats filebeat	5	503	April 23, 2024
Filebeat --> Logstash works but directly to Elasticsearch = nothing Beats filebeat	5	540	April 10, 2018

Filebeat to Elasticsearch grok example

Related Topics