I'd like to pump my curator logs to ES and I don't want to use Filebeat. What are my architectural options, if any? I've been trying to work it out in my head, but no joy.
I have read
but I believe this user's use case was effectively ELK on one node...so logstash could simply input the curator log locally, but my ELK cluster has numerous logstash nodes and elasticsearch masters on which curator needs to run, etc. So what are my options?
Thanks!
-Jonas
Filebeat or something like it is all I can think of.
Me too. Same with Reddit, lol. Thanks!
Curator has the elasticsearch url in its configurations.. so can it be enhanced to send those logs to monitoring index or some other internal index.
Once in ES we can easily create watcher on curator failures so we are alerted instantly.
I should make it clear that Curator is not going to be aggressively updated after Index Lifecycle Management is released. Please note that I am not saying it's going away, but that the use cases it will be handling are likely to be the edge cases that ILM cannot handle.
In all likelihood, log shipping could be added. That's a lot of work for me, and I'm not super interested in pursuing it. If someone else were to submit changes that supported it, though, I'd probably merge them.
@theuntergeek I don't have time for a PR of that level, but this has certainly taught me to consider log shipping preemptively. And that's not a knock against Curator at all. Thanks for helping to maintain this useful tool.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.