Hi All,
I have started learning about ELK. The initial tutorial I came across , uses NGINX logs and NGINX Filebeat module for the demo. I see that we can configure Filebeat to send the logs directly to elasticsearch. If Filebeat can do that, I am trying to understand why Logstash would be required.
Can someone please help me or provide me the pointers that can help me understand why Logstash would be required.
Regards,
Ashish
If all you want to do is send lines from a log file to elasticsearch as documents then logstash is not required. In the case of web server logs, logstash can enrich the lines using filters such as geoip or useragent. If you do not need that then do not use it.
Thanks Badger.
I have seen that filebeat to supports geoip or useragent. I see that in nginx module.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.