How to allow elastisearch for proper indexing of logs from logstash/filebeat

Ziemowit · March 1, 2017, 2:48pm

Hi!

My intention is to store logs in elastisearch to be able search the logs via severity, thread, request id, etc.
My logs have already form of JSON:

{
  'severity': 'INFO',
  'requestId': '24fd34',
  'message': 'Saving a person',
  ....
}

Now my question is how to do this correctly using a) logstash and b) filebeat.

a) Logstash

I understand that to inform elasticsearch that in future I would like to search my log via above attributes I need to use "codec => json" in elasticsearch plugin. If I am wrong in this point please correct me.

b) Filebeat

The question is if for filebeat sth similar is possible? Can I just read from json logs, directly save them to elastisearch and search via severity/requestId/etc afterwards?

Because with following setup:

output.elasticsearch:
      # Array of hosts to connect to.
      hosts: ["url:9243"]

      # Optional protocol and basic auth credentials.
      protocol: "https"
      username: "elastic"
      password: "password"
      index: "filebeat"

the log line is treated as a whole piece. And I am able to search it only via timestamp.

system · March 29, 2017, 2:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat send a json log but is stored as a string Beats filebeat	17	12730	July 5, 2017
Problem with JSON logs Beats filebeat	3	561	March 9, 2019
Elasticsearch indexing JSON Log Files in a Folder Beats filebeat	2	320	August 29, 2018
Simply push json -> elasticsearch Beats filebeat	2	1063	August 14, 2019
Filebeat -> ElasticSearch for logrus running on k8s Beats filebeat	28	1658	September 26, 2022

How to allow elastisearch for proper indexing of logs from logstash/filebeat

Related topics