I am trying to use Graylog 3.0.0 and Kibana 6.6.0. I have the ELK stack working in the same version (6.6.0) and changed the configuration in logstash.conf from this:
However, when I changed to the latest configuration, I stopped receiving indexes with the pattern “filebeat-YYYY-MMDD” and started receiving “graylog_1” because of the configuration in logstash.conf.
Can you please confirm if this is the way to configure logstash.conf to access logs in Kibana and Graylog?
Graylog can only work with messages it has received and indices it takes care of. You are not able to ingest messages with logstash to Elasticsearch and work with Graylog on them.
Thanks Jan, the pipeline I have is as follows:
Filebeat collects logs on the server where it is hosted and sends the logs to Logstash to be transformed and parsed, and to extract additional fields. Then, Logstash outputs in GELF format on port 12201. Next, Elasticsearch connects to Logstash to get the transformed data in the Graylog format and creates the index which is requested by Graylog.
Then, the index definition in Graylog is internal and created in Elasticsearch through Graylog and cannot be changed.
With Graylog you would ingest the Filebeat to Graylog (BEATS Input), transform, parse and extract additional fields in Graylog, and push the result to Elasticsearch.