Append hostname in each index name

connectgeeks · June 21, 2021, 10:16am

I would like to append hostname in each index name for classification of files based on the source hostname.

output{
  elasticsearch {
    hosts => ["127.0.0.1:9200"]
    index => "sample-%{[@metadata][hostname]}-%{[@metadata][beat]}-%{[@metadata][version]}-soap2-%{[@metadata][beat]}-%{+YYYY.MM.dd}"
  }
}

This metadata is not working %{[@metadata][hostname]};

aaron-nimocks · June 21, 2021, 12:00pm

You might not have a field called hostname.

Add this to your output and it will show you all the metadata fields available.

stdout { codec => rubydebug { metadata => true } }

system · July 19, 2021, 12:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Having trouble forwarding indexes from Elasticsearch to logstash Logstash	4	326	July 9, 2018
Elasticsearch output plugin Logstash	3	512	July 6, 2017
Output Wildcard for Hostname Logstash	3	801	April 19, 2019
Logstash metadata Logstash	1	261	January 30, 2019
Index by hostname? Logstash	3	926	November 19, 2022

Append hostname in each index name

Related topics