It turns out that filebeat.yml can send the output to elasticsearch or logstash.
Is it possible to change the destination depending on the logs collected by filebeat?
For example, is it possible to send general logs that can be configured in modules (ex. syslog, nginx) directly to elasticsearch, while original logs are sent to logstash, adjusted by filter, and then sent to elasticsearch?
Should I send everything, including the module, to logstash?
The concern with sending everything to logstash is that the logstash configuration file will be complicated to write.
If filebeat can parse the modules into the appropriate fields and send them to elasticsearch, I would prefer that.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.