I would like to be able to take a copy of each incoming Beats event and output directly to a file, then pass the events through a filter and output to Elasticsearch, i.e.
Input->Output (file)->Filter->Output(Elasticsearch).
Of course what will happen is Input->Filter->Output(file)->Output(Elasticsearch).
Does anyone know of a way to create both filtered and unfiltered outputs from within one pipeline?
Many thanks
You can use the clone filter to create a copy of the original event with another type or a certain tag and use that tag as a filtering condition for extra filters or outputs.
Thank you paz, that looks exactly like what I need
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.