The following example shows how to configure Logstash to listen on port
28
-
5044 for incoming Beats connections and to index into Elasticsearch.
29
+
5044 for incoming {plugin-uc} connections and to index into Elasticsearch.
29
30
30
-
[source,logstash]
31
+
["source","sh",subs="attributes"]
31
32
-----
32
33
33
34
input {
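Review bot: The source block attribute on the added line changes the language from `logstash` to `sh`, but the listing that follows opens with `input {`, which is Logstash pipeline configuration rather than shell. If the goal is only to enable attribute substitution inside the listing, keep the language and add the option: `["source","logstash",subs="attributes"]`. No attribute reference inside the listing is visible in this hunk, so confirm that `subs="attributes"` is actually needed here.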
@@ -45,16 +46,16 @@ output {
45
46
-----
46
47
<1> `%{[@metadata][beat]}` sets the first part of the index name to the value
47
48
of the `beat` metadata field and `%{[@metadata][version]}` sets the second part to
48
-
the Beat's version. For example:
49
+
the {plugin-uc}'s version. For example:
49
50
metricbeat-7.4.0.
50
51
51
52
Events indexed into Elasticsearch with the Logstash configuration shown here
52
-
will be similar to events directly indexed by Beats into Elasticsearch.
53
+
will be similar to events directly indexed by {plugin-uc} into Elasticsearch.
53
54
54
55
NOTE: If ILM is not being used, set `index` to
55
56
`%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}` instead so
56
57
Logstash creates an index per day, based on the `@timestamp` value of the events
57
-
coming from Beats.
58
+
coming from {plugin-uc}.
58
59
59
60
IMPORTANT: If you are shipping events that span multiple lines, you need to use
60
61
the {filebeat-ref}/multiline-examples.html[configuration options available in
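Review bot: The example `metricbeat-7.4.0.` and the wording "the `beat` metadata field" stay Beats-specific while the sentences around them now use `{plugin-uc}`, so if the attribute ever expands to something other than Beats, the example no longer matches the text. Either qualify the example or keep these sentences product-specific. Also check how "the {plugin-uc}'s version" reads after substitution: a plural value produces a possessive like "the Beats's version", which "the version of {plugin-uc}" would avoid.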
@@ -64,7 +65,7 @@ plugin] to handle multiline events. Doing so will result in the failure to start
64
65
Logstash.
65
66
66
67
[id="plugins-{type}s-{plugin}-versioned-indexes"]
67
-
==== Versioned Beats Indices
68
+
==== Versioned indices
68
69
69
70
To minimize the impact of future schema changes on your existing indices and
70
71
mappings in Elasticsearch, configure the Elasticsearch output to write to
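Review bot: The new heading `==== Versioned indices` is sentence case, while the next section heading in the same file, `==== Event Metadata and the Elastic Common Schema (ECS)`, stays in title case. Pick one casing for both. The section id still ends in `versioned-indexes`, which keeps existing cross-references working but now differs in spelling from the heading ("indices"); leaving it is reasonable, but it should be a deliberate choice.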
@@ -89,10 +90,14 @@ This configuration results in daily index names like
89
90
90
91
[id="plugins-{type}s-{plugin}-ecs_metadata"]
91
92
==== Event Metadata and the Elastic Common Schema (ECS)
92
-
When decoding `beats` events, this plugin adds two fields related to the event: the deprecated `host`
93
-
which contains the `hostname` provided by beats and the `ip_address` containing the remote address
94
-
of the client's connection. When <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is
95
-
enabled these are now moved in ECS compatible namespace. Here's how <<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> affects output.
93
+
94
+
When decoding {plugin-uc} events, this plugin adds two fields related to the event:
95
+
the deprecated `host` which contains the `hostname` provided by {plugin-uc} and the
96
+
`ip_address` containing the remote address of the client's connection. When
97
+
<<plugins-{type}s-{plugin}-ecs_compatibility,ECS compatibility mode>> is enabled
98
+
these are now moved in ECS compatible namespace. Here's how
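Review bot: The rewrapped paragraph carries over "these are now moved in ECS compatible namespace" unchanged; since every line of the paragraph is being touched anyway, fix it to "these are moved into an ECS-compatible namespace". The same goes for "the deprecated `host` which contains", which needs a comma before "which". Replacing the code-formatted `beats` with `{plugin-uc}` in "When decoding {plugin-uc} events" also drops the literal formatting, so confirm the sentence is meant to name the product rather than the event type.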