Hello,
We are looking at moving from 6.4.2 to 7.x amongst the changes would be moving from our current data model to the Elastic Common Schema (ECS).
I understand that the Elastic Ingest Nodes have these extractions 'built-in', but how can I move these regex's and extractions etc etc to a Log Stash Pipeline.
Is there a way for me to dump the ingest pipeline - so that I can move it to a logstash pipeline?
Thanks
For anyone else reading.
On a (Linux) host with Filebeats 7.4 there is the ECS extractions at: /usr/share/filebeat/module/apache/access/ingest/default.json
As an example. Hopefully you can figure the rest out.
Indeed. If you'd like to look at them right in the Beats repo, you can check out the comment here for pointers: Logstash to ECS
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.