In my environment we have 100’s of servers connecting to a Graylog 5.2 server. They all ship logs through FluentD. Recently, we bought the Security license for Graylog, but unfortunately most of the new features are not usable unless they are processed through Beats or NXlog. Once the logs are processed by Beats or NXlog they can then be processed into the Graylog Information Model (GIM), enabling Security license features. Does anybody have experience with sending the logs through FluentD’s Elasticsearch plugin with Logstash formatting enabled? I think this may create the same logs that Beats would but I’m not sure and I’d rather not take the leap until I have other opinions.
Thanks for the help!