What is the best method to send logs to another environment? We are currently sending logs internally via Logstash to our Elasticsearch, but would like to send the logs to another environment managed by a 3rd party. I had the below setup in our test environment (Logstash config file), but it does not seem to be consistent in what I can see in Elasticsearch in both consoles. Can we send the logs directly from Filebeat instead? If so, what does the configuration look like? I can't seem to find anything supporting this.
}
output {
  if [type] == "output" {
    elasticsearch {
      hosts => ["10.204.0.203:9200"]
      index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
    }
    elasticsearch {
      hosts => ["192.168.2.227:9200"]
      index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
    }
What's the other environment here? Does that mean Elasticsearch on the 3rd party network? If that's the scenario, yes, we can simply mention hostname:portnumber where ES is running and mention certs if any.
If you don't have a requirement for parsing logs, yes, you can directly push logs from Filebeat to Elasticsearch. Enable output.elasticsearch in Filebeat with the respective "[hostname:portnumber]".
    elasticsearch {
      hosts => ["http://192.168.7.227:9200"]
      index => "wazuh-alerts-3.x-%{+YYYY.MM.dd}"
    }
  }
}
We may also want to output directly to the 3rd party from Filebeat; below is the configuration. Simply add it like this? hosts: ["logstash:5000", "logstash2:5000"]
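
The direct Filebeat-to-Elasticsearch output suggested in the reply above, sketched as an added example that is not part of the thread or of any poster's configuration. The host name, CA path and keystore variable names are placeholders, and the template settings assume Filebeat 7.x.

```yaml
# filebeat.yml, output section only (constructed example).
#
# Filebeat accepts exactly one enabled output. Several entries in a single
# "hosts" list are load-balanced or used for failover; each host does NOT
# receive its own full copy of every event.
output.elasticsearch:
  # Placeholder host. Use https when the link leaves your own network.
  hosts: ["https://es.thirdparty.example:9200"]
  index: "wazuh-alerts-3.x-%{+yyyy.MM.dd}"

  # Placeholder variable names, resolved from the Filebeat keystore or the
  # environment so the credentials are not stored in this file.
  username: "${ES_USER}"
  password: "${ES_PWD}"

  # Trust only the CA that issued the third party's certificate
  # (placeholder path) and verify both the chain and the host name.
  ssl.certificate_authorities: ["/etc/filebeat/certs/thirdparty-ca.pem"]
  ssl.verification_mode: full

# A custom index name needs a matching template name and pattern,
# and index lifecycle management turned off (Filebeat 7.x).
setup.template.name: "wazuh-alerts-3.x"
setup.template.pattern: "wazuh-alerts-3.x-*"
setup.ilm.enabled: false
```

Because only one output can be enabled, delivering the same events to both the internal cluster and the third party still requires Logstash in between or a second Filebeat instance.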