Filebeats to Elasticsearch directly?

cybercorp · August 8, 2019, 5:04pm

Hello

Filebeats seems to have many modules available like system, apache, and others. Since modules are responsible for parsing the data, if I send data directly from Filebeats to ES, will those logs supported by modules be parsed?

I have been trying this setup however the system logs (/var/log/secure and others) do not seem to be parsed even though I have enabled the system module of filebeat within the Linux instance.

Wanted to know if this is the right setup or do we need to add an additional logstash to parse the logs?

kvch · August 8, 2019, 7:59pm

No, Filebeat modules only work with ES, as logs are parsed by Ingest pipelines. Have you loaded those? Could you please share a few example input logs, events seen in Kibana and the debug logs of Filebeat?

system · September 5, 2019, 8:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Shipping to Logstash vs Elasticsearch, and pipelines. Also modules? Beats filebeat	4	773	November 14, 2019
Filebeat's module using Logstash Beats filebeat	6	3703	November 30, 2017
Filebeat module - auditd Beats filebeat	3	1015	July 19, 2018
How can I parse filebeat data with logstash and send it to kibana? Logstash	3	582	March 24, 2020
Filebeat --> Logstash works but directly to Elasticsearch = nothing Beats filebeat	5	540	April 10, 2018

Filebeats to Elasticsearch directly?

Related Topics