hi team,
i have installed filebeat on my syslog server and in kibana i configured the output to elasticsearch so in this case i am getting the syslog server logs directly to kibana dashboard using the filebeat module system. so do i still need to use logstash for the filtering of the logs ?
why do we need logstash nodes in this kind of scenario, please xplain
Hello Opensourceengineer, sounds like you do not need LS nodes for your scenario.
If you're able to handle all your needs using filebeat (or potentially ingestion at ES' end) and are satisfied with how the documents look in ES than simply do not use LS.
LS is there if you had other inputs (than just a simple syslog/files) or needed 'heavier' processing of log data e.g. application specific logs that require custom parsing or normalization rules.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.