Using Logstash as relay

In perspective of security I like the principle of not exposing elastic-notes directly to data sources or end users. I therefore see it as relevant to use Logstash as a relay for data which should not be filtered/manipulated before they are shipped towards ES-nodes. Is this common or is this not adviced?

In my case i have some scripts who successfully push json directly to an es-node (http://nodeip:9200). So now I want to set up logstash to receive these and ship them over to the es-node.

I did some searching and didnt manage to find any example of such usage.

What input- and output-plugin should I use?

Logstash and the large number of plugins it supports allows it to support a variety of architectures. This blog post shows a few of them from simple to more complex. You should therefore be able to set up Logstash as a relay/processor ahead of Elasticsearch. There are many different input plugins, but the beats input is useful if you are sending data from Beats and the tcp input plugin is useful for use with more generic sources.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.