What is the need of logstash when we can directly forward things to elastic search


(elastic-fan) #1

What is the need of logstash when we can directly forward things to elastic search, is there any specific reason that we want to use logstash?


(Magnus B├Ąck) #2

It's not unusual to want to process events in some way (renaming fields, performing DNS lookups, parsing user agent strings, ...). Logstash also has a wide variety of inputs and outputs that Beats (which I assume is what you're talking about) can't match. If you have no such needs then Logstash probably has limited value for you.


(Mark Walkom) #3

Like Magnus said, you can't do geoip and more processing via beats.


(system) #4