How to send Custom Logs Agent to Logstash?

Hi, I integrated an Elastic Agent 'custom logs' and in the logs section this is the stream

Now I want to parse some information in Logstash. How can I send that data to Logstash?
Please provide me a detailed explanation because I'm kind of new.
I was wondering about an approach with the standalone configuration, but I'm not sure at all.

You can configure your stand-alone Elastic Agent with a Logstash Output to route events to Logstash, and then configure your Logstash pipeline to route the events to Elasticsearch as a data_stream.

So basically, is it to change this Fleet configuration in the elastic-agent.yml?

I don't really know what to write in the field of use outputs; the documentation seems a little confusing to me.

Ah. Within Fleet. I'm not sure that is supported.

The Logstash output is currently only supported for Elastic Agents in standalone mode. Fleet-managed agents are not supported.
-- Elastic Agent: Logstash Output

You could spin up a Logstash instance that reads from your Elasticsearch datastream, processes the data, and outputs it to a new datastream.

What are you attempting to accomplish by adding Logstash to the mix?

That is what I want. I've done an integration with an Elastic Agent, but now I don't know how to spin up a Logstash instance that reads that data stream; I don't know how to send that data stream to Logstash. My data stream is the attached image in the post.
And that's what I want to attempt: send my data stream to process the data.


The generic dataset is generated by the agent 'custom logs'

I haven't done this, but my best guess would be to use the Elasticsearch input plugin for Logstash with a query designed to fetch recent data from a wildcard-pattern index matching your datastream.

Alternatively, you may want to look into using an Elasticsearch Ingest Pipeline to process the data before it is put into the datastream.
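
A sketch of the Elasticsearch-input approach suggested above, added here as an example (not code from any poster in this thread or from Elastic). The host, the environment-variable names, the `generic_parsed` dataset, the `default` namespace and the dissect pattern are all assumptions to adapt.

```logstash
input {
  elasticsearch {
    hosts    => ["localhost:9200"]        # assumed address; enable the plugin's TLS options for your version
    user     => "${ES_READ_USER}"         # assumed env vars; this account only needs read on logs-generic-*
    password => "${ES_READ_PWD}"
    index    => "logs-generic-*"          # wildcard over the 'generic' dataset written by the agent
    # Fetch only the last full 5-minute window on each run instead of the whole stream.
    query    => '{ "query": { "range": { "@timestamp": { "gte": "now-5m/m", "lt": "now/m" } } } }'
    schedule => "*/5 * * * *"             # cron syntax: run every 5 minutes
  }
}

filter {
  # Hypothetical line layout "<level> <text>"; replace with a pattern for your own log format.
  dissect {
    mapping => { "message" => "%{[app][level]} %{[app][text]}" }
  }
}

output {
  elasticsearch {
    hosts                 => ["localhost:9200"]
    user                  => "${ES_WRITE_USER}"
    password              => "${ES_WRITE_PWD}"
    data_stream           => "true"
    data_stream_type      => "logs"
    data_stream_dataset   => "generic_parsed"   # assumed name; does not match the logs-generic-* input pattern
    data_stream_namespace => "default"
    # Events read back still carry data_stream.dataset = "generic". With auto-routing left on,
    # they would be written back into the source stream and re-read on the next run.
    data_stream_auto_routing => false
  }
}
```

Documents indexed after their `@timestamp` window has already been queried are missed by this schedule, so widen the window or add de-duplication if late-arriving events matter.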

Do you think that following the documentation of Logstash output | Fleet and Elastic Agent Guide [7.16] | Elastic
could work for my purpose?

That is the documentation for Agent that I linked you to earlier. It claims at the top that it does not work with Fleet-managed Agents, and only works with Agent in stand-alone mode. You have indicated that you are using Fleet to manage your agents, so I don't believe it will work.
