Filebeats to Elasticsearch directly?

cybercorp · August 8, 2019, 5:04pm

Hello

Filebeats seems to have many modules available like system, apache, and others. Since modules are responsible for parsing the data, if I send data directly from Filebeats to ES, will those logs supported by modules be parsed?

I have been trying this setup however the system logs (/var/log/secure and others) do not seem to be parsed even though I have enabled the system module of filebeat within the Linux instance.

Wanted to know if this is the right setup or do we need to add an additional logstash to parse the logs?

kvch · August 8, 2019, 7:59pm

No, Filebeat modules only work with ES, as logs are parsed by Ingest pipelines. Have you loaded those? Could you please share a few example input logs, events seen in Kibana and the debug logs of Filebeat?

system · September 5, 2019, 8:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.