What I want is, for the event I get from Beats by listening on port 5044, to send a filtered version of the event to one output and a differently filtered version to the other output.
That is the general question, but specifically in my case one of the two outputs will get the whole event as it came from Beats.
Any good strategies on how to implement this? I have heard of the Clone filter, but from what I have seen it just clones specific fields to a tag or type field in the original event! While I don't want any correlation between the two events that get to the output.
You can implement that using a clone filter and an if/else block to drive different processing and a second if/else in the output section to determine the output. Alternatively you could use pipeline to pipeline communication with a forked-path pattern.
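A sketch of the clone plus if/else approach described above, added here as an illustration and not posted by anyone in the thread. The output plugins, host, file path and the list of kept fields are assumptions; `ecs_compatibility` is pinned to `disabled` so that the copy is marked through its `type` field.

```logstash
# Added example: outputs, host, path and kept field names are assumptions.
input {
  beats { port => 5044 }
}

filter {
  # Emit one independent copy of every incoming event. With ECS
  # compatibility disabled, the clone filter marks the copy by
  # setting its "type" field to the clone name.
  clone {
    clones => ["filtered"]
    ecs_compatibility => "disabled"
  }

  if [type] == "filtered" {
    # Only the copy reaches this branch. Keep an allow-list of
    # top-level fields and drop everything else from the copy.
    prune {
      whitelist_names => ["^@timestamp$", "^message$", "^type$"]
    }
  }
  # No else branch: the original event is left exactly as Beats sent it.
}

output {
  if [type] == "filtered" {
    # Reduced copy goes to the first destination (assumed: a local file).
    file { path => "/var/log/logstash/filtered-%{+YYYY-MM-dd}.log" }
  } else {
    # Untouched original goes to the second destination (assumed host).
    elasticsearch { hosts => ["http://localhost:9200"] }
  }
}
```

The two events are separate objects after the clone, so changes made to the copy inside the conditional do not affect the original.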
The pipeline to pipeline makes more sense to me, but what about the if/else option? Do you have a small example? How am I gonna take and send different specific fields to each output? They should not have any correlations between them.
Also I saw the forked pattern. Is it mandatory to put everything inside the pipelines.yml file? Because I have a big .conf file for one of my pipelines.