In perspective of security I like the principle of not exposing elastic-notes directly to data sources or end users. I therefore see it as relevant to use Logstash as a relay for data which should not be filtered/manipulated before they are shipped towards ES-nodes. Is this common or is this not adviced?
In my case i have some scripts who successfully push json directly to an es-node (http://nodeip:9200). So now I want to set up logstash to receive these and ship them over to the es-node.
I did some searching and didnt manage to find any example of such usage.
Logstash and the large number of plugins it supports allows it to support a variety of architectures. This blog post shows a few of them from simple to more complex. You should therefore be able to set up Logstash as a relay/processor ahead of Elasticsearch. There are many different input plugins, but the beats input is useful if you are sending data from Beats and the tcp input plugin is useful for use with more generic sources.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.