Tips and Best Practices for working / debugging Logstash pipelines on Kubernetes

Xavier_Krantz · August 17, 2020, 4:31pm

Hi everyone

I have setup a BLEK (Beats, Logstash, ElasticSearch, Kibana) stack on Kubernetes

I would like to parse and enrich some logs output from my services collected through Filebeat.

Have you some tips and best-practices for working and iterating with Logstash pipelines ?

By example, I am wondering how to get Filebeat "raw" message sent to Logstash to be able to work with Grok debugger and define my filter rules ?

In the same way, how can I deploy my new rule but still be sure I do not lose any event ?
Naively, I was thinking about duplicating the stream:

1 copy use the previous flow
1 copy use my new defined flow and gets somewhere where I can validate it works as expected before deleting the previous flow

Thank you all for your tips and suggestions

system · September 14, 2020, 4:31pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Help debugging ingestion flow Filebeat + Logstas Logstash	1	254	September 14, 2020
Filebeat on Kubernetes setup pipelines Beats filebeat	1	348	July 3, 2019
Dec 13th, 2022: [en] Debugging Logstash and Filebeat pipelines with Logshark Advent Calendar docker	2	1751	January 11, 2023
Help in using logstash Logstash	6	554	February 12, 2018
Processing fields with Filebeat via Kubernetes annotations Beats filebeat	2	582	April 8, 2020