Hi,
we are trying to create some alerting in elasticsearch side which would notify us when logstash puts back pressure on inputs and stops accepting data. we are currently using three types of inputs: beats, tcp and http.
In our environment, beats are sending data to logstash and logstash then ships it to elasticsearch. Can we have second filebeat which would only monitor primary filebeat logs and ships each errors produced by primary filebeat directly to Elasticsearch so that we can search for i/o read timeout errors in primary filebeat. Is this feasible solution?
Thanks