Use Case: Migrating from Elastic Stack

If you are an existing user of the Elastic Stack with either Filebeat or Logstash, this is the page for you.

LogScale offers a complete replacement for the Elastic Search bulk API, meaning that switching your existing Filebeat or Logstash configurations over to LogScale is very easy.

Setting up LogScale

First, you will need to have access to a repository in LogScale.

The quickest way to get started using LogScale is to sign up for LogScale Community.

Alternatively, you may choose to run our Docker Deployment on your own infrastructure.

Beats

Since you are running Elastic Search, you are likely already familiar with the Beats platform. You will have to reconfigure it to contain this (or equivalent):

logscale
output.elasticsearch:
  hosts: ["elasticsearch:9200"]

To make all beats point to LogScale, change the output.elasticsearch section to:

logscale
output.elasticsearch:
  hosts: ["https://<HOST>:443/api/v1/ingest/elastic-bulk"]
  username: <INGEST_TOKEN>

Replace <HOST> with the hostname of your LogScale cluster. See LogScale URLs & Endpoints. Make sure the port is set to 443. Beats' default port is 9200.

Finally, <INGEST_TOKEN> should be replaced with an Ingest Token for the repository. If your repository is empty, a dialog on the search page will contain your default ingest token

Beat

Figure 32. Beat


If you cannot find it there, you can always go to the Settings for your repository and create a new Ingest Token from there.

For more information about Beats log shippers, please take a look at Elastic Beats.