I am trying to send AWS VPC flow logs from S3 to Elasticsearch with Filebeat. Can anyone tell me how the mapping of fields happens? I understand it takes the Elastic schema as its reference, but I still have the following questions.
- The S3 bucket can contain CloudTrail logs, VPC flow logs or my own app logs. How does Filebeat interpret what kind of logs are in S3?
- Once Filebeat knows what logs it is dealing with, does it have the intelligence to map the related fields in Elasticsearch?
- What is the documentation on exported fields trying to convey?
s3 fields | Filebeat Reference [8.8] | Elastic
AWS fields | Filebeat Reference [8.8] | Elastic - I see that the actual content of the flow logs is tagged to the field "message" in Elasticsearch. Then what is the purpose of the URL below:
Amazon VPC | Elastic docs
Thanks
Nish
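Added example, not part of the original post and not the Filebeat module's own code: a parser for the default (version 2) VPC flow log record format that turns one raw line, the text that lands in the "message" field, into ECS-style dotted field names. This is the kind of transformation the aws module's vpcflow ingest pipeline performs on the message; the field names below follow ECS conventions but the exact field set the module emits is the one listed in the linked docs. The sample lines are constructed, and the ACCEPT/REJECT to event.outcome mapping and the aws.vpcflow.* key names are this example's own assumptions.

```python
"""Parse AWS VPC flow log (default v2) lines into ECS-style fields.

Default v2 record layout, space separated, 14 fields:
  version account-id interface-id srcaddr dstaddr srcport dstport
  protocol packets bytes start end action log-status
Records with log-status NODATA or SKIPDATA carry '-' in place of the
address, port and counter fields, so a parser must tolerate that.
"""
from datetime import datetime, timezone

V2_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr",
    "srcport", "dstport", "protocol", "packets", "bytes",
    "start", "end", "action", "log_status",
]

# IANA protocol numbers that appear most often in flow logs.
PROTOCOL_NAMES = {1: "icmp", 6: "tcp", 17: "udp", 58: "ipv6-icmp"}

# Assumed mapping of the AWS action value to ECS event.outcome.
OUTCOME = {"ACCEPT": "success", "REJECT": "failure"}

# Constructed sample records (not real traffic).
SAMPLE_LINES = [
    "2 123456789012 eni-0a1b2c3d4e5f67890 10.0.1.25 10.0.2.40 49152 443 6 12 3456 1700000000 1700000060 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 198.51.100.7 10.0.2.40 51234 22 6 1 44 1700000000 1700000060 REJECT OK",
    "2 123456789012 eni-0a1b2c3d4e5f67890 - - - - - - - 1700000000 1700000060 - NODATA",
]


def _epoch_to_iso(value: str) -> str:
    """Convert a Unix epoch-seconds string to an ISO 8601 UTC timestamp."""
    return datetime.fromtimestamp(int(value), tz=timezone.utc).isoformat()


def parse_vpcflow_line(line: str) -> dict:
    """Map one v2 flow log record to a flat dict of ECS-style field names."""
    tokens = line.split()
    if len(tokens) != len(V2_FIELDS):
        raise ValueError(f"expected {len(V2_FIELDS)} fields, got {len(tokens)}")
    raw = dict(zip(V2_FIELDS, tokens))

    event = {
        "event.original": line,
        "@timestamp": _epoch_to_iso(raw["start"]),
        "event.start": _epoch_to_iso(raw["start"]),
        "event.end": _epoch_to_iso(raw["end"]),
        "cloud.account.id": raw["account_id"],
        "aws.vpcflow.version": raw["version"],
        "aws.vpcflow.interface_id": raw["interface_id"],
        "aws.vpcflow.log_status": raw["log_status"],
    }

    # NODATA / SKIPDATA records have no traffic fields; return what is known.
    if raw["log_status"] != "OK":
        return event

    proto_num = int(raw["protocol"])
    event.update({
        "source.ip": raw["srcaddr"],
        "source.port": int(raw["srcport"]),
        "destination.ip": raw["dstaddr"],
        "destination.port": int(raw["dstport"]),
        "network.iana_number": proto_num,
        "network.transport": PROTOCOL_NAMES.get(proto_num, str(proto_num)),
        "network.packets": int(raw["packets"]),
        "network.bytes": int(raw["bytes"]),
        "aws.vpcflow.action": raw["action"],
        "event.action": raw["action"].lower(),
        "event.outcome": OUTCOME.get(raw["action"], "unknown"),
    })
    return event


def parse_vpcflow_lines(lines) -> list:
    """Parse many records, skipping blank lines and malformed ones."""
    events = []
    for line in lines:
        if not line.strip():
            continue
        try:
            events.append(parse_vpcflow_line(line))
        except ValueError:
            # In a pipeline this would be routed to a dead-letter index.
            continue
    return events


def rejected_ssh_sources(events) -> list:
    """Example detection: source IPs whose SSH connection attempts were rejected."""
    return sorted({
        e["source.ip"] for e in events
        if e.get("destination.port") == 22 and e.get("event.outcome") == "failure"
    })


if __name__ == "__main__":
    parsed = parse_vpcflow_lines(SAMPLE_LINES)
    for ev in parsed:
        print(ev)
    print("rejected SSH sources:", rejected_ssh_sources(parsed))
```

The point for the question above: the S3 input only delivers the raw line into "message"; it is the module's fileset (selected by configuration, not detected from the bucket contents) whose ingest pipeline performs a split like this one, and the "exported fields" page documents the names that split produces so that queries and dashboards can rely on them.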