I have a theoretical question about Beats.

If I understand correctly, Logstash allows you to easily parse the received data and ingest it into Elasticsearch. So my question is, does Beats send the retrieved information directly to a Logstash profile or does Beats itself modify the data and ingest it directly into Elasticsearch?

Thanks in advance for your help

EDIT:

Important message

To summarize, when I configure Filebeat, I only fill in the information from Elastic Cloud as output. That is to say the cloud ID and the password of Elasticsearch. So I don't fill in any output information. My question is, when I use a module (Fortinet for example), will Filebeat process the information and send it directly to Elasticsearch or will it send it to Logstash by default? I need to try to understand as much as possible to write a paper on this.

1 Answer

You have both options: you can send the data from Beats directly to Elasticsearch, or send it to Logstash, where in the Logstash configuration you can specify which Elasticsearch it needs to send the data to.

Refer to the "configure the output" page for more details and configurations, i.e. Elasticsearch, Kafka, Redis, console, etc.

Amit
  • Thank you for your answer. So let's say we use Filebeat with any module (Fortinet for example). Does Filebeat parse the information or send it directly to a Logstash profile? – Sénéchal Julien Apr 11 '22 at 10:14
  • @SénéchalJulien it should be – Amit Apr 11 '22 at 10:16
  • In my case, I use Elastic Cloud. So I just configure my filebeat.yml file using the Elasticsearch cloud ID and password. – Sénéchal Julien Apr 11 '22 at 10:16
  • @SénéchalJulien, that's totally fine – Amit Apr 11 '22 at 10:34
  • Yes but the question is that I don't define myself if the information goes in Logstash or in Elasticsearch. Hence my question in fact :/ – Sénéchal Julien Apr 11 '22 at 12:04
  • @SénéchalJulien didn't get you, can you explain more – Amit Apr 11 '22 at 12:05
  • To summarize, when I configure Filebeat, I only fill in the information from Elastic Cloud as output. That is to say the cloud ID and the password of Elasticsearch. So I don't fill in any output information. My question is, when I use a module (Fortinet for example), will Filebeat process the information and send it directly to Elasticsearch or will it send it to Logstash by default? I need to try to understand as much as possible to write a paper on this. – Sénéchal Julien Apr 11 '22 at 12:49
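
The two routing options discussed in this thread, as an added filebeat.yml example that is not part of the original question or answer. The cloud ID, password variable name (ES_PWD) and Logstash host are placeholders or hypothetical values.

```yaml
# filebeat.yml -- added example; every value below is a placeholder.

# Module from the question. The firewall fileset is enabled here;
# its input settings are left at their defaults.
filebeat.modules:
  - module: fortinet
    firewall:
      enabled: true

# --- Option A: Elastic Cloud (what the question describes) ---------------
# cloud.id and cloud.auth are shorthand for the Elasticsearch output:
#   cloud.id   overrides output.elasticsearch.hosts (and setup.kibana.host)
#   cloud.auth overrides output.elasticsearch.username / password
# With only these two settings present, events go straight to the
# Elasticsearch cluster of that deployment. Nothing is sent to Logstash,
# because no output.logstash section is enabled.
cloud.id: "<deployment-name>:<cloud-id-string>"
# Keep the password out of the file: store it in the Filebeat keystore
# (filebeat keystore add ES_PWD) and reference it by name.
# ES_PWD is a hypothetical key name.
cloud.auth: "elastic:${ES_PWD}"

# --- Option B: Logstash ----------------------------------------------------
# Filebeat accepts only one enabled output. To route through Logstash,
# remove the cloud.* settings above and enable this section instead.
# Logstash then needs its own elasticsearch output pointing at the cluster.
#output.logstash:
#  hosts: ["logstash.example.internal:5044"]   # hypothetical host
```

Running `filebeat test output` after editing the file shows which output Filebeat will actually connect to.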