Problem sending data to Elastic Data Stream

Question

Hi,I’ve configured an index template in Elastic for a specific log source and set it to use a data stream instead of the indices.Whenever Cribl starts sending data, the data stream is created, but no data is added to is. I presume this has something to do with the _bulk API, since data streams only support the op_type create.Does anyone have a working configuration for logging towards data streams in Elastic?

Kyle McCririe · Answer

The Elastic Search destination should work with Data Streams and should work with the _bulk API.

What do you have set as the Type? What version of Stream are you on? What version of Elastic are you running?

Are there any logs in Stream that give any more info?

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded