Elasticsearch As Log-Buffer

Why? What is that good for? Saving license costs and putting the ingest-pipeline load somewhere else! At my workplace we currently parse the events mostly with Logstash, but configuring those grok filters so that the messages are ECS-conformant is a lot of work. Yes, I know that there is a possibility to export those ingest pipelines from Beats...