Use Case: Migrating from Elastic Stack
If you are an existing user of the Elastic Stack with either Filebeat or Logstash, this is the page for you.
LogScale offers a complete replacement for the Elastic Search bulk API, meaning that switching your existing Filebeat or Logstash configurations over to LogScale is very easy.
Setting up LogScale
First, you will need to have access to a repository in LogScale.
The quickest way to get started using LogScale is to sign up for LogScale Community.
Alternatively, you may choose to run our Installing Using Containers on your own infrastructure.
Beats
Since you are running Elastic Search, you are likely already familiar with the Beats platform. You will have to reconfigure it to contain this (or equivalent):
output.elasticsearch:
hosts: ["elasticsearch:9200"]
To make all beats point to LogScale, change the
output.elasticsearch section to:
output.elasticsearch:
hosts: ["https://<HOST>:443/api/v1/ingest/elastic-bulk"]
username: <INGEST_TOKEN>
Replace <HOST> with the
hostname of your LogScale cluster. See LogScale URLs & Endpoints.
Make sure the port is set to
443. Beats' default
port is 9200.
Finally, <INGEST_TOKEN>
should be replaced with an Ingest Token for the repository. If your
repository is empty, a dialog on the search page will contain your
default ingest token
 |
Figure 32. Beat
If you cannot find it there, you can always go to the Settings for your repository and create a new Ingest Token from there.
For more information about Beats log shippers, please take a look at Elastic Beats.