Native logs in ELK stack

Hi,

We are trying to investigate whether we can retain logs in native format (e.g. Oracle DB logs) so that we can use them in dealing with audit trails or in sending logs to the product vendor from a central log management server.

Thanks,

Sayantan

Yes, you can.
Logstash stores the original event in the message field, for example, and then ES stores that in _source.
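
An added example, not part of the original reply: a Logstash pipeline that leaves the raw line in the message field while parsing into separate fields, records a SHA-256 of the raw line for audit comparison, and writes the unmodified line back out as a native-format file. The paths, host, index name, grok pattern and the raw_sha256 field name are assumptions chosen for illustration.

```logstash
# Added example. All paths, the host and the index name are placeholders.
input {
  file {
    path => "/var/log/oracle/alert.log"        # hypothetical source file
    start_position => "beginning"
  }
}

filter {
  # Parse into NEW fields only. Do not use grok's "overwrite" option on
  # "message" and do not remove the field with mutate: either one would
  # destroy the only copy of the raw line.
  grok {
    # Illustrative pattern; a non-matching line is only tagged
    # _grokparsefailure and its message field is left untouched.
    match => { "message" => "%{TIMESTAMP_ISO8601:log_time} %{GREEDYDATA:log_text}" }
  }

  # Hash of the raw line, stored next to it, so an exported copy can be
  # checked against what was indexed.
  fingerprint {
    source => ["message"]
    target => "raw_sha256"                      # hypothetical field name
    method => "SHA256"
  }
}

output {
  # Indexed copy: the raw line is kept under _source.message.
  elasticsearch {
    hosts => ["http://localhost:9200"]          # placeholder
    index => "oracle-raw-%{+YYYY.MM.dd}"        # placeholder
  }

  # Native-format copy: one original line per event, nothing added.
  file {
    path => "/archive/native/oracle-%{+YYYY-MM-dd}.log"   # placeholder
    codec => line { format => "%{message}" }
  }
}
```

With the file input, each event is one line of the source file, so a multi-line native record is stored as several events unless a multiline codec is configured on the input.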

Hi,

Thanks for the update. One question: can we create the raw file repository as a part of the ELK stack, with connectivity to Hadoop or a central file server?

If we use Hadoop with Elasticsearch, how does Logstash fit in the architecture?

Thanks,

Sayantan