How to ingest logs if they differ from the default filebeat module

Muckis · October 29, 2019, 8:05am

Hi,

I'm importing postgreSql logs where the log format is different to what the filebeat->postgresql module is set to ingest, so elasticsearch contains none of the postgresql specific fields just the message and the default metadata fields. How can I modify the ingestion so that the postgresql fields are imported as well? I have created a grok filter suitable for my log files. Is there a way to add this grok filter to the filebeat->posgresql module? Will I need to apply the grok filter in logstash? Or is there a way to modify the data in elasticsearch?

Thank you for your help

system · November 26, 2019, 8:05am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticsearch Postgresql Module Ingest Pipeline Not Parsing Postgresql 10 Elasticsearch ingest-pipeline	1	264	November 22, 2021
Elasticsearch json logs with filebeat module and ingest pipeline Beats filebeat	6	2276	February 21, 2020
Missing fields - Postgresql Module Beats beats-module , filebeat	3	411	July 11, 2019
Filebeat not uploading lastest ingest grok pattern to elasticsearch Beats filebeat	6	740	May 31, 2019
Moving from ELK to EFK Beats docker , filebeat	3	1200	November 26, 2019

How to ingest logs if they differ from the default filebeat module

Related topics