Hi There,

I have Logstash config with few groks to rename fields, make values human readable, geoip, and few more stuffs. I would like to make two outputs:

1. Raw compressed file with untampered, this means it must not include any of the filters
2. Elasticsearch output after applying all filters

Can anyone please help me here?

Regards,

Ajay

Use a clone filter to split each event in two. Use conditionals to apply your filters to one of the events and similarly to send them to different inputs.

Yes this should meet the requirement. Thank you.

Just now tested. This works as expected.
Once again thank you for this quick help.