- Elastic Cloud Serverless
- Elasticsearch
- Elastic Observability
- Get started
- Observability overview
- Elastic Observability Serverless billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Reduce storage
- Managed intake service event API
- Troubleshooting
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoints
- Policies
- Trusted applications
- Event filters
- Host isolation exceptions
- Blocklist
- Optimize Elastic Defend
- Event capture and Elastic Defend
- Endpoint protection rules
- Identify antivirus software on your hosts
- Allowlist Elastic Endpoint in third-party antivirus apps
- Elastic Endpoint self-protection features
- Elastic Endpoint command reference
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
- Changelog
Logstash pipelines
editLogstash pipelines
editThis content applies to: 
In Project settings → Management → Logstash Pipelines, you can control multiple Logstash instances and pipeline configurations.
On the Logstash side, you must enable configuration management and register Logstash to use the centrally managed pipeline configurations.
After you configure Logstash to use centralized pipeline management, you can no longer specify local pipeline configurations.
The pipelines.yml file and settings such as path.config and config.string are inactive when centralized pipeline management is enabled.
Manage pipelines
edit- Configure centralized pipeline management.
-
To add a new pipeline, go to Project settings → Management → Logstash Pipelines and click Create pipeline. Provide the following details, then click Create and deploy.
- Pipeline ID
-
A name that uniquely identifies the pipeline.
This is the ID that you used when you configured centralized pipeline management and specified a list of pipeline IDs in the
xpack.management.pipeline.idsetting. - Description
- A description of the pipeline configuration. This information is for your use.
- Pipeline
- The pipeline configuration. You can treat the editor like any other editor. You don’t have to worry about whitespace or indentation.
- Pipeline workers
- The number of parallel workers used to run the filter and output stages of the pipeline.
- Pipeline batch size
- The maximum number of events an individual worker thread collects before executing filters and outputs.
- Pipeline batch delay
- Time in milliseconds to wait for each event before sending an undersized batch to pipeline workers.
- Queue type
-
The internal queueing model for event buffering.
Options are
memoryfor in-memory queueing andpersistedfor disk-based acknowledged queueing. - Queue max bytes
- The total capacity of the queue when persistent queues are enabled.
- Queue checkpoint writes
- The maximum number of events written before a checkpoint is forced when persistent queues are enabled.
To delete one or more pipelines, select their checkboxes then click Delete.
For more information about pipeline behavior, go to Centralized Pipeline Management.
On this page