Hi guys,
I want to make a model where I can get the alert/logs of the snapshots attempt to take backups fail.
I want it to send the logs to beats.
is there any watch job I could make?
please guide me.
Thanks. 
If you snapshot with Elasticsearch Curator, you can log in JSON format, which is ready for consumption by filebeat/Logstash, complete with ISO8601 timestamp. You'd be able to tell whether your snapshot completed from the logs.
thanks for the reply.
yes we are using curator to take the snapshot.
can you please elaborate more on the approach of getting the logs and parsing it to determine whether it failed or not and then sending it to beats to consume it? is there a watch job for the same?
No, there's no watch job. The Curator documentation shows how to log in json format. The rest would be the subject of a different thread in the beats or logstash forums.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.