elasticsearch logging logstash

Can I connect a TLS-enabled log drain directly to Elasticsearch or do I need Logstash?


I'm new to configuring Elasticsearch and am trying to figure out the easiest way to do it from a Render (render.com) web service. They offer a TLS-enabled log drain and so I was hoping I could connect that directly to Elasticsearch similarly to how the Elastic docs describe connecting Filebeat directly to Elasticsearch. However, I'm unsure if that's even possible and I think I might be misunderstanding how Filebeat works. Do I need to have Logstash running to ingest logs from a log drain? If I can get around using Logstash, what URL do I point the log drain to?


Solution

  • The Render log drain sends syslog messages. Elasticsearch cannot consume that directly. You could use Logstash with a syslog input and an Elasticsearch output.

    You could also use a syslog server that knows how to write to Elasticsearch, such as syslog-ng or rsyslog.
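
To show what the intermediary in this answer has to do, here is an added example (not part of the original answer, and not Logstash, rsyslog or syslog-ng code) that converts a syslog byte stream into the NDJSON body of an Elasticsearch `_bulk` request. It assumes RFC 5424 messages with octet-counted framing (RFC 6587); the index name `render-logs`, the `MAX_FRAME` cap and the sample messages are constructed for illustration.

```python
import json
import re

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
# (escaped "]" inside structured-data values is not handled here)
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>\d{1,2} (?P<ts>\S+) (?P<host>\S+) (?P<app>\S+) "
    r"(?P<procid>\S+) \S+ (?:-|(?:\[[^\]]*\])+)(?: (?P<msg>.*))?$", re.DOTALL)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
MAX_FRAME = 64 * 1024  # assumed cap so a bogus length prefix cannot exhaust memory

def split_frames(buf):
    """Split octet-counted frames ("LEN SP MSG"); return (frames, unread tail)."""
    frames = []
    while True:
        sp = buf.find(b" ")
        if sp <= 0 or not buf[:sp].isdigit():
            return frames, buf
        size = int(buf[:sp])
        if size > MAX_FRAME:
            raise ValueError("frame length %d exceeds cap" % size)
        if len(buf) < sp + 1 + size:
            return frames, buf  # incomplete frame: wait for more bytes
        frames.append(buf[sp + 1:sp + 1 + size])
        buf = buf[sp + 1 + size:]

def to_document(frame):
    """Turn one syslog message into the JSON document Elasticsearch indexes."""
    text = frame.decode("utf-8", errors="replace")
    m = RFC5424.match(text)
    if m is None or int(m["pri"]) > 191:
        # Keep unparseable input, but tag it so it can be found and reviewed.
        return {"message": text, "tags": ["_syslog_parse_failure"]}
    pri = int(m["pri"])
    return {"@timestamp": m["ts"], "host": m["host"], "app": m["app"],
            "facility": pri >> 3, "severity": SEVERITY[pri & 7],
            "message": m["msg"] or ""}

def to_bulk(frames, index="render-logs"):
    """Build an NDJSON body for POST /_bulk: an action line, then the document."""
    lines = []
    for frame in frames:
        lines.append(json.dumps({"index": {"_index": index}}))
        lines.append(json.dumps(to_document(frame)))
    return "\n".join(lines) + "\n"

# Constructed sample input: one valid message and one non-syslog line.
SAMPLE_MSGS = [b"<134>1 2024-01-01T12:00:00Z srv-example web 1234 - - GET /health 200",
               b"not a syslog line"]
SAMPLE_STREAM = b"".join(b"%d %s" % (len(m), m) for m in SAMPLE_MSGS)

if __name__ == "__main__":
    print(to_bulk(split_frames(SAMPLE_STREAM)[0]), end="")
```

The TLS listener that would feed `split_frames` is left out; in the setups named in the answer, Logstash, rsyslog or syslog-ng terminates the TLS connection and does this conversion.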