I've a device syslogs where its being sent to filebeat on 2different ports, as its planned to forward from logstash to 2 different places like DataCenter-1 Elastic search and other place like external server as syslog itself. Whats the best approach and practice we can follow here? Please provide sample config, Your suggestions are highly appreciated.
Hello and welcome,
This is not possible, Filebeat can have only one output.
What you can do is send your filebeat logs to one Logstash and then use this Logstash to forward it to different outputs.
Thanks @leandrojmp
You can also run multiple instances of filebeat, one sending the logs to one location and another to a different location.
I have one server sending stuff to elastic and another to logstash that feeds it opensearch.