I'm wondering if filebeat can be configured with many output.logstash hosts but would send the data only to one LS acording to a condition.
For instance, I have 4 machines (F1,F2,F3,F4) owning the same configuration of filebeat and 2 LS servers (L1, L2). I would like to send files from F1,F2,F3 to L1 and from F4 to L2 :
output.logstash:
# Boolean flag to enable or disable the output module.
enabled: true
# The Logstash hosts
hosts: ["L1"]
when:
or
- equals:
beat.hostname: "F1"
- equals:
beat.hostname: "F2"
- equals:
beat.hostname: "F3"
hosts: ["L2"]
when:
equals:
beat.hostname: "F4"
Else I need to own differents configurations on each F machine
You could provide the filebeat configuration as a template and have your provisioning system (or some custom startup script) create the final per machine configuration from your template.
One can also use variables like this:
output.logstash:
hosts: ["${LOGSTASH_HOST}"]
Variables can be either set via:
environment variables
another configuration file and start filebeat with multiple config files: (e.g. filebeat -c main.yml -c vars.yml )
add variable to startup command: (e.g. filebeat -E LOGSTASH_HOST=...)
having provisioning, just append variables to end of the config file like (echo LOGSTASH_HOST: ... >> /etc/filebeat/filebeat.yml)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
