Transform Logs in Elasticsearch

Hi,

We have the problem that we changed our Filebeat to write directly into Elasticsearch and our logs aren't split into specific fields anymore. Do I have to write my logs into Elasticsearch with Logstash to split them into fields, or do I have the possibility in Elasticsearch as well?

You can use ingest node to do this in Elasticsearch before they are indexed, see https://www.elastic.co/guide/en/elasticsearch/reference/5.6/ingest.html and https://www.elastic.co/guide/en/beats/filebeat/current/configuring-ingest-node.html
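A sketch of the ingest-node approach from the reply above, added here as an example and not taken from the thread. The pipeline name `app-logs`, the log line layout (`timestamp level [component] text`) and the sample document are assumptions; adjust the grok pattern to your own format.

```console
# Define a pipeline that splits Filebeat's "message" field into separate fields.
PUT _ingest/pipeline/app-logs
{
  "description": "Split application log lines into fields (assumed layout)",
  "processors": [
    {
      "grok": {
        "field": "message",
        "patterns": [
          "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} \\[%{DATA:component}\\] %{GREEDYDATA:msg}"
        ]
      }
    },
    {
      "date": {
        "field": "timestamp",
        "formats": ["ISO8601"]
      }
    },
    {
      "remove": { "field": "timestamp" }
    }
  ],
  "on_failure": [
    {
      "set": {
        "field": "error.message",
        "value": "{{ _ingest.on_failure_message }}"
      }
    }
  ]
}

# Test the pipeline against a constructed sample line before sending real logs.
POST _ingest/pipeline/app-logs/_simulate
{
  "docs": [
    {
      "_source": {
        "message": "2017-10-12T08:15:30.123Z WARN [auth] login failed for user alice"
      }
    }
  ]
}
```

To route events through it, set `pipeline: "app-logs"` under `output.elasticsearch` in `filebeat.yml`. The `on_failure` block keeps lines that do not match the pattern indexed, with the parse error recorded in `error.message`, instead of rejecting them.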
