Apache logs by virtualhost in ELK 6.7

Victor_Guerrero · May 6, 2019, 5:16pm

Hi community,

I spent a couple of days looking for a solution without luck.

I have a server with different domains hosted, also known as virtual host, running Apache2 as front server. Each domain has their own logs with a file directory structure like that:

/var/www/domain1.com/logs/access_ssl_log,
/var/www/domain2.com/logs/access_ssl_log
/var/www/domain3.com/logs/access_ssl_log
....

There is a way of have domain logs separated by indexes in Elasticsearch?

I'm using ELK 6.7.2 + Filesbeat 6.7.2

Thanks

Badger · May 6, 2019, 6:34pm

If you are ingesting the files with filebeat they will have the file name on every event. You can parse the domain name out of the path and use a sprintf reference for the index name.

That said, if this results in a large number of small indexes you may have performance problems.

Victor_Guerrero · May 6, 2019, 6:50pm

Hi Badger,

Please, could you explain how I can implement the option that you have suggested?

Thanks !

Topic		Replies	Views
How to create the Multiple Index for each Apache Webserver Beats filebeat	2	163	June 13, 2023
Use part of the log files name for the index? Logstash	3	688	September 23, 2020
How to put each file name as index name to store Elasticsearch via Filebeat Beats filebeat	2	654	December 28, 2022
How to separate index of filebeat coming from 2 or more hosts Beats filebeat	11	4878	November 15, 2018
Create Separate index for each logfile Elasticsearch	0	49	December 4, 2024

Apache logs by virtualhost in ELK 6.7

Related topics