Location of Index Template, pipeline processors and workflow

kelk · May 6, 2020, 8:42am

I was going through the workflow of ELK stack and bit confused on which is required in which stack etc.
( I was mostly looking into a Public Dataset example from official github examples)

(a) The example uses filebeat to directly send the data to Elasticsearch (and NOT via logstash)
(b) The pipeline/processors/grok is loaded into ElasticSearch endpoint directly as per the example
(c) The index template also loaded into elasticsearch directly (Though it has some errors)

So my queries are

Can the pipelines/processors/grok be loaded into elasticsearch tier directly? My expectation reading the docs was pipeline elements go into logstash tier only.
Where does the pipeline/index template exists? does it exist as a physical json file or gets indexed into elasticsearch?
Is the example bypassing logstash because the data is sent by filebeat? Any option to directly load into elasticsearch other than filebeat?

system · June 3, 2020, 8:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat > Logstash > Elasticsearch : Which index template? Logstash	2	511	July 6, 2017
Ingest Pipeline for Transformations Elasticsearch	7	404	August 10, 2020
Question regarding "where" log data is process Beats filebeat	3	287	April 3, 2020
Shipping to Logstash vs Elasticsearch, and pipelines. Also modules? Beats filebeat	4	774	November 14, 2019
How to index even on failed pipelines Elasticsearch	5	646	December 26, 2019

Location of Index Template, pipeline processors and workflow

Related topics