I want to send Auditbeat and Filebeat logs to the same index over Logstash. Filebeat is already successfully sending the data, but I don't know how to get Auditbeat logs into the same index because there is no output_type tag. I need the output_type for Logstash.
@Samau4ka I would not recommend having a different index per server; depending on the number of servers and the naming you are using, it could generate a lot of shards on Elasticsearch.
If I were you, I would keep a time-based index per beat. You can achieve the same thing by filtering on the 'beat.host' or 'beat.hostname' field in Kibana to get the information for a specific host. You can also add custom fields if you want more granularity. You can check our doc to see the default fields.