Hello,
I would like to have a separate index created for each host.
During a test to include a second host with Filebeat, the data was included in the already existing index.
I could not find anything suitable in the docs.
Does anyone know in which doc I can get more information on how to implement the whole thing?
Welcome to our community! 
Can you elaborate more on why you'd like to do this?
Hi Warkolm,
Thanks for your welcome and sorry for the delay.
I'm testing elastic right now and I'm already excited.
Now I would like to add another computer.
Furthermore would like to evaluate other logs. Server applications and so on.
I expect more overlooks from it. Because I do not want to have everything in one view.
Or I don't want to have problems with the index.
Or is it better if I have everything in an index and then just show the respective logs in the preparation, depending on what I want to have in the view?
Hi @enp2s6 Welcome to the community.
Typically especially when you get started my recommendation would be to start with most the default settings filebeat.
The default settings will put all your host logs into a single index.
I would start with that, the when searching or visualizing logs you will just filter on the host.name field which will be automatically added to each log line indexed.
This is a very common and the default behavior, I would start with that, many users use this with 100s of hosts.. Then if you need to separate the logs you could do that and even when users do that they tend to separate by log type not host.
Thank you for your answer.
That helps me already. I will try it so.
Thanks again.
Many greetings
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.