Filebeats to Elasticsearch directly?

cybercorp · August 8, 2019, 5:04pm

Hello

Filebeats seems to have many modules available like system, apache, and others. Since modules are responsible for parsing the data, if I send data directly from Filebeats to ES, will those logs supported by modules be parsed?

I have been trying this setup however the system logs (/var/log/secure and others) do not seem to be parsed even though I have enabled the system module of filebeat within the Linux instance.

Wanted to know if this is the right setup or do we need to add an additional logstash to parse the logs?

kvch · August 8, 2019, 7:59pm

No, Filebeat modules only work with ES, as logs are parsed by Ingest pipelines. Have you loaded those? Could you please share a few example input logs, events seen in Kibana and the debug logs of Filebeat?

system · September 5, 2019, 8:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Beats to Elasticsearch or Beats to Logstash? Which is best practice Beats filebeat	3	471	April 10, 2018
Shipping to Logstash vs Elasticsearch, and pipelines. Also modules? Beats filebeat	4	774	November 14, 2019
Filebeat's module using Logstash Beats filebeat	6	3703	November 30, 2017
Filebeat module - auditd Beats filebeat	3	1018	July 19, 2018
How can I parse filebeat data with logstash and send it to kibana? Logstash	3	586	March 24, 2020

Filebeats to Elasticsearch directly?

Related topics