Elasticsearch As Log-Buffer

Why? What is that good for? Save license-costs and putting ingest-pipeline load somewhere else! :smiley: At my workplace we currently parse the events mostly with Logstash, but configuring those grok-filters so that the messages are ECS-comform is a lot of work. Yes, I know that there is a possibility to export those ingest-pipelines from Beats... » weiterlesen

PART-4 – Prepare RabbitMQ For Buffering Events

PART-4 – Prepare RabbitMQ For Buffering Events You may have a look at Elasticsearch As Log-Buffer The first thought maybe like: What? Why the hell RabbitMQ and not use the persistent queue featuere of Logstash? Because: Input plugins that do not use a request-response protocol cannot be protected from data loss. For example: tcp, udp,... » weiterlesen