Using Logstash as relay

pas · October 18, 2018, 9:33pm

In perspective of security I like the principle of not exposing elastic-notes directly to data sources or end users. I therefore see it as relevant to use Logstash as a relay for data which should not be filtered/manipulated before they are shipped towards ES-nodes. Is this common or is this not adviced?

In my case i have some scripts who successfully push json directly to an es-node (http://nodeip:9200). So now I want to set up logstash to receive these and ship them over to the es-node.

I did some searching and didnt manage to find any example of such usage.

What input- and output-plugin should I use?

Christian_Dahlqvist · October 19, 2018, 5:44am

Logstash and the large number of plugins it supports allows it to support a variety of architectures. This blog post shows a few of them from simple to more complex. You should therefore be able to set up Logstash as a relay/processor ahead of Elasticsearch. There are many different input plugins, but the beats input is useful if you are sending data from Beats and the tcp input plugin is useful for use with more generic sources.

Topic		Replies	Views
Best practices for reading elastic data to logstash Logstash	9	939	August 6, 2018
How to configure Logstash and develop our own Input Logstash	2	498	July 6, 2017
Receive Elasticsearch API connection with Logstash Logstash	4	59	May 26, 2025
Elasticsearch's output to logstash Elasticsearch	6	410	July 19, 2019
Logging events to Logstash via REST with custom request and responses Logstash	4	2391	June 21, 2017

Using Logstash as relay

Related topics