Hi to everybody. I have some questions and I hope someone can help me.
I'm trying to understand the Grok plugin to filter input data. There is an option named "periodic_flush". The documentation says "Call the filter flush method at regular interval." But I cannot figure out what is flushed. Does someone know how this option works or what is flushed?
The other "understanding-problem" belongs to the elasticsearch-plugin and the option "protocol". There are three possibilities to define a protocol: node, transport and http.
Is it right that when I define the protocol as "node", elasticsearch will store the parsed log data but will not index it? Is the index done by logstash (which would explain the bidirectional communication which is needed)?
What exactly does the "transport" protocol do? The description in the documentation is not understandable to me.