Hello Team,
I am trying to send logs from Logstash A to Logstash B, and from Logstash B to Elasticsearch. My question is where do I have to filter the logs and add additional fields to the messages: in Logstash A or Logstash B? Also, is there any good Grok constructor that you would advise? I am new to the ELK environment.
It depends on where you want to process the logs at. There is no spot where you HAVE to process your logs.
I currently am processing all of my logs on Logstash B, but I could easily process them at Logstash A if I wanted.