Serilog and Filebeat Compatibility

christamlyn · August 6, 2021, 6:11pm

Quite specific to our setup but:

we are currently using Filebeat to ship logs to Elasticsearch
we want to slowly migrate to using Serilog sinks to ship to Elasticsearch
we have a number of dashboards setup for the existing index that we don't want to lose or duplicate

Is there any way to get Serilog Sink and Filebeat to ship to the same index? The standard formatters for Serilog seem incompatible. They are formatting the log messages differently. For example Filebeat ships with values like "Properties.Source" but Serilog (using the ElasticsearchJsonFormatter) ships the same message as as "Fields.Source".

I might just need to bite the bullet and make it a breaking change with a new index.

warkolm · August 8, 2021, 11:14pm

Welcome to our community!

There's no such compatibility, you will need to make the changes to accomodate what you want.

system · September 5, 2021, 11:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.