We have filebeat apache module enabled which sends to data to logstash for further enrichment (geoip, add more fields for our visualizations etc).
I tried this one
but im not sure if its possible.
this is what we're trying to do..
input {
//beats
}
filter {
//We need to access the module fields including the complete ECS fields to enrich geographic locations of our customer
}
output {
//es with pipeline defined
}
Hi
ingest pipeline is a definition of a series of processes which is installed into Elasticsearch ingest node. Logstash is configured to use ingest pipeline that installed in Elasticsearch.
This is the definition of ingest pipeline.
https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest.html
Thank you wang,
but is there a way on how we can transform the data after the pipeline processed in the ingest node?
For a description of each field in the module, see the exported fields section!
You can transform the data in the pipeline processes rather than Logstash filter.
thank you wang. I dont think i can do that right? (calling the fields in logstash after ingest pipeline transformation)? i've been searching so long and till now i dont find any solution.
Anyways the team decided to use the logstash for transformation instead of ingest pipeline.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.