Hello All,
As we now send data using Filebeat, I am just curious to know that we should send the data to logstash first or we should directly send it to Elasticsearch? What is the difference ?
Thanks
If you don't need super advanced transformation of your logs, just seyto elasticsearch
Thank you for your reply, can you please tell me bit in details about "super advanced transformation of logs"? May be say Apache logs ?
Apache logs only needs grok, geoip and user agent processors basically. So I'd not use logstash for this but just elasticsearch.
ok so what other logs we might need to use Logstash for ?
It depends on your sources, destinations and processing needs. Have a look at this blog post for an overview of the difference in capabilities between Logstash and Elasticsearch ingest nodes.
Thank you for your reply and the link
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.