Importing logs using metricbeat


(Vikash Singh) #1

Hi i am new to elk....can someone help me what if I disable the logstash output and enable elasticsearch output in metricbeat.yml while importing data from different servers using metricbeat?


(Mario Castro) #2

Hi @Vikash_Singh1 :slight_smile:

I'm afraid I don't understand the question well. You can either configure output to Elasticsearch or to Logstash and you can do it with Metricbeat, yes, from different servers. https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-getting-started.html

In any case, reading the title of your question, logs must be imported with Filebeat https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html


(Vikash Singh) #3

can we create filters while importing logs from elasticsearch??


(Mario Castro) #4

Hi @Vikash_Singh1

Still the question is a bit confusing because this is the forum for Metricbeat so we it's expected to receive metrics questions.

If you are working with logs, you should look at Filebeat but, in any case, if you want to extract logs FROM Elasticsearch while creating filters, that's just plain querying to Elasticsearch https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html without involving Metricbeat or Filebeat.

If what you want is to import logs TO Elasticsearch and perform some filtering to them, then you should look at Logstash https://www.elastic.co/products/logstash or the Ingest Node https://www.elastic.co/products/logstash


(Vikash Singh) #5

How can I write/define filters for metricbeat?


(ruflin) #6

https://www.elastic.co/guide/en/beats/metricbeat/current/filtering-and-enhancing-data.html