Why use Filebeat before Logstash?

Hi all,

I am working with syslogs from various different networking devices all going to the same port. Filebeat does not allow you to use multiple modules to parse logs all coming in on the same port. So Logstash is how I am going to properly parse syslogs coming in on the same port from different devices.

My question now is, in my specific use-case (parsing logs and visualizing in Kibana, with all logs from different devices coming in on the same port), is there any reason to keep Filebeat, send logs to it, and use it as a shipper to Logstash? What would be the advantage in that, instead of just sending the logs straight to Logstash from the networking devices? On the surface, using Filebeat before Logstash in my specific case seems like a trivial extra step. Thanks for any advice you can give!
