priya94
(vishnupriya)
August 28, 2019, 6:23am
1
Hi All,
I am new to ELK
I am trying to run multiple filebeat instances on same machine to send different logs to logstash,then i am sending the logs to elasticserach with different index name.
But Logstash is not recognizing different filebeat input,So i want to change my default port of each flebeat,so that i can configure input beat as different port.
Can anyone please tell a way to change the port of filebeat,
else let me know someother approach to achieve this.
Thanks and Regards,
VishnuPriya
Can you not just add a field to the Filebeat config and use that to identify data?
priya94
(vishnupriya)
August 28, 2019, 7:04am
3
Thanks for replying Christian_Dahlqvist,
This is my filebeat input,Where i should configure extra field,
#=========================== Filebeat inputs
filebeat.inputs:
type: log
enabled: True
paths:
#================================ Outputs ========
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]
And if I am configuring extra field how can i filter that in logstash,below is my logstash configuration,
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200 "]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "cmlogs"
document_type => "cmlogs"
}
stdout
{
codec =>rubydebug
}
}
priya94
(vishnupriya)
August 28, 2019, 7:07am
4
Other filebeat is having the same configuration, only the log path is differs
priya94
(vishnupriya)
August 28, 2019, 9:35am
5
Thanks Christian_Dahlqvist for your support,I tried using Fields in filebeat.It worked for me,
Below is the configuration which worked for me,
Filebeat 1:
------Filebeat inputs ----------
filebeat.inputs:
type: log
enabled: True
paths:
/var/century/cmui/logs/*.out
fields: {log_type: cm}
---- Logstash output -----
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]
Filebeat 2:
------Filebeat inputs ----------
filebeat.inputs:
type: log
enabled: True
paths:
/var/century/centuryui/logs/*.out
fields: {log_type: century}
---- Logstash output -----
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]
LOGSTASH CONFIGURATION
input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200 "]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "%{[fields][log_type]}-logs"
}
stdout
{
codec =>rubydebug
}
}
My logs are created intwo different index named cm-logs and century-logs.
1 Like
system
(system)
Closed
September 25, 2019, 9:35am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.