hello folks
Is it possible to send auditbeats data directly to logstash for ingesting rather than directly to elasticsearch. I am doing something similar in filebeats and wanted to know if i can use logastash as an ingestion layer as well with auitbeats. If so similar to filebeats modules is there any particular ingest-convert.sh script to run for the json module files to convert them to work with logstash.
thanks
i was able to send auditbeats directly to redis output following the doc but are there any special logstash grok filter pattern needed for proper ingestion to the elasticsearch template and dasboards?
Yes, simply configure the Logstash output in Auditbeat and it will work. Auditbeat natively sends structured data and does not depend on an outside parser like ingest node.
If you use the Logstash output with any Beat you must manually install the Elasticsearch index template. Please see the getting started guide on how to load the template.
If you do use Logstash make sure you see how we recommend to configure the ES output here: Configure the Logstash output | Auditbeat Reference [8.11] | Elastic
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.