Mapping flow logs with ES

nishanth_cheruku · July 7, 2023, 4:40pm

I am trying to send aws vpc flow logs from S3 to Elasticsearch by filebeats. Can anyone tell me how the mapping of fields is happening? I understand it takes the reference of elastic schema. But i still have the following questions.

S3 bucket can contain cloudtrail or vpcflow logs or my own app logs. How file beat interprets what kind of logs are there in S3.
Once filebeat knows what logs it is dealing with, does it have intelligence to maps the related fields in Elasticsearch.
What is the documentation on exported fields trying to convey?
s3 fields | Filebeat Reference [8.8] | Elastic
AWS fields | Filebeat Reference [8.8] | Elastic
I see that the actual content of flow logs is tagged to field "message" in elasticsearch. Then what is the purpose of below url:
Amazon VPC | Elastic docs

Thanks
Nish

system · August 4, 2023, 6:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat Parsing issue with module aws Beats beats-module , filebeat	10	555	June 4, 2021
Sending filebeat data to AWS es Beats filebeat	2	1912	April 17, 2018
Filebeat S3 Input - Output Garbled Beats filebeat	5	478	December 5, 2019
Beats for AWS VPC Flow Beats	2	355	October 16, 2018
S3 bucket logs forwarding to Elastic Search through filebeat Beats filebeat	5	421	September 27, 2019

Mapping flow logs with ES

Related topics