I've got some data sources being parsed and written into EL from
logstash, and it would be great to report on additional metadata
related to the record stored in EL, e.g. for a network flow record,
reporting information like the BGP AS (Autonomous System) name related
to the source and destination IP.
I can add this info to each record from Logstash and store it in EL, but
it seems redundant to store this data over and over when it could be
looked up in real time from another data source.
Can such a thing be done with Kibana or does it require a more custom
approach reading directly from EL?
That'd be a custom job as KB just pulls and displays data from ES,
assuming it has everything in the doc.
Thanks Mark - was suspecting that was the case.
The only problem I've found with my playing with ELK thus far is the
sheer explosion of ideas about what I can do to visualise & report on
all the data I'm ingesting...
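
An added example, not part of the original thread: a sketch of the custom read-time lookup discussed above, done in Python outside Kibana. The prefix-to-AS table, the field names `src_ip`, `dst_ip` and `bytes`, and all sample values are constructed for illustration; the flow list stands in for documents read back from the index.

```python
import ipaddress
from collections import Counter

# Constructed prefix-to-AS table (documentation prefixes, private-use AS numbers).
AS_TABLE = [
    ("192.0.2.0/24", 64500, "EXAMPLE-NET-A"),
    ("198.51.100.0/24", 64501, "EXAMPLE-NET-B"),
    ("198.51.100.128/25", 64502, "EXAMPLE-NET-B-CUSTOMER"),
    ("2001:db8::/32", 64503, "EXAMPLE-NET-V6"),
]

# Constructed flow records, shaped like documents read back from the index.
FLOWS = [
    {"src_ip": "192.0.2.10", "dst_ip": "198.51.100.200", "bytes": 1200},
    {"src_ip": "198.51.100.7", "dst_ip": "192.0.2.99", "bytes": 300},
    {"src_ip": "2001:db8::1", "dst_ip": "203.0.113.5", "bytes": 50},
    {"src_ip": "not-an-ip", "dst_ip": "192.0.2.1", "bytes": 10},
]

def build_index(table):
    """Parse prefixes once; most-specific first, so the first match is the longest."""
    nets = [(ipaddress.ip_network(p), asn, name) for p, asn, name in table]
    return sorted(nets, key=lambda n: n[0].prefixlen, reverse=True)

def lookup_as(index, ip_text):
    """Return (asn, name) for the longest matching prefix, or (None, 'UNKNOWN')."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return (None, "UNKNOWN")  # malformed field in the stored record
    for net, asn, name in index:
        if ip.version == net.version and ip in net:
            return (asn, name)
    return (None, "UNKNOWN")

def enrich(flows, index):
    """Yield copies of each flow with AS fields added; stored docs stay unchanged."""
    for flow in flows:
        out = dict(flow)
        out["src_asn"], out["src_as_name"] = lookup_as(index, flow["src_ip"])
        out["dst_asn"], out["dst_as_name"] = lookup_as(index, flow["dst_ip"])
        yield out

def bytes_by_src_as(flows, index):
    """Total bytes per source AS name, computed at read time."""
    totals = Counter()
    for f in enrich(flows, index):
        totals[f["src_as_name"]] += f["bytes"]
    return dict(totals)
```

The AS table is stored once and joined when the report is built, so a renamed or re-homed prefix changes future reports without reindexing; the trade-off is that historical flows are then labelled with the current mapping rather than the one in effect when the flow was recorded.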