Serilog and Filebeat Compatibility

christamlyn · August 6, 2021, 6:11pm

Quite specific to our setup but:

we are currently using Filebeat to ship logs to Elasticsearch
we want to slowly migrate to using Serilog sinks to ship to Elasticsearch
we have a number of dashboards setup for the existing index that we don't want to lose or duplicate

Is there any way to get Serilog Sink and Filebeat to ship to the same index? The standard formatters for Serilog seem incompatible. They are formatting the log messages differently. For example Filebeat ships with values like "Properties.Source" but Serilog (using the ElasticsearchJsonFormatter) ships the same message as as "Fields.Source".

I might just need to bite the bullet and make it a breaking change with a new index.

warkolm · August 8, 2021, 11:14pm

Welcome to our community!

There's no such compatibility, you will need to make the changes to accomodate what you want.

system · September 5, 2021, 11:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Index template not applying to indices Elasticsearch	7	5410	December 26, 2018
Filebeat and Structured Json logging Beats	2	1467	August 8, 2016
Filebeat logs are not being send to logstash Beats filebeat	5	514	April 23, 2024
Filebeats to ship Node Application logs Beats filebeat	9	448	February 6, 2019
Is it possible to mix json and plain text? Beats docker , filebeat	3	1179	November 22, 2019

Serilog and Filebeat Compatibility

Related topics