Tips and Best Practices for working / debugging Logstash pipelines on Kubernetes

Xavier_Krantz · August 17, 2020, 4:31pm

Hi everyone

I have setup a BLEK (Beats, Logstash, ElasticSearch, Kibana) stack on Kubernetes

I would like to parse and enrich some logs output from my services collected through Filebeat.

Have you some tips and best-practices for working and iterating with Logstash pipelines ?

By example, I am wondering how to get Filebeat "raw" message sent to Logstash to be able to work with Grok debugger and define my filter rules ?

In the same way, how can I deploy my new rule but still be sure I do not lose any event ?
Naively, I was thinking about duplicating the stream:

1 copy use the previous flow
1 copy use my new defined flow and gets somewhere where I can validate it works as expected before deleting the previous flow

Thank you all for your tips and suggestions

system · September 14, 2020, 4:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help debugging ingestion flow Filebeat + Logstas Logstash	1	265	September 14, 2020
Help in using logstash Logstash	6	601	February 12, 2018
Filebeat on Kubernetes setup pipelines Beats filebeat	1	356	July 3, 2019
Filebeat not send logs to logstash on kubernetes Beats docker , filebeat	1	496	November 11, 2021
How do i output kubernetes Logs to logstash Beats filebeat	1	463	March 21, 2024