Can I change default port of Filebeat "5044" to someother port

Hi All,
I am new to ELK
I am trying to run multiple filebeat instances on same machine to send different logs to logstash,then i am sending the logs to elasticserach with different index name.

But Logstash is not recognizing different filebeat input,So i want to change my default port of each flebeat,so that i can configure input beat as different port.

Can anyone please tell a way to change the port of filebeat,
else let me know someother approach to achieve this.

Thanks and Regards,
VishnuPriya

Can you not just add a field to the Filebeat config and use that to identify data?

Thanks for replying Christian_Dahlqvist,

This is my filebeat input,Where i should configure extra field,

#=========================== Filebeat inputs
filebeat.inputs:

  • type: log
    enabled: True
    paths:
    • /var/century/logs/*.out

#================================ Outputs ========
output.logstash:
enabled: true
hosts: ["XX.XX.XX.XX:5044"]


And if I am configuring extra field how can i filter that in logstash,below is my logstash configuration,

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "cmlogs"
document_type => "cmlogs"
}
stdout
{
codec =>rubydebug
}
}

Other filebeat is having the same configuration, only the log path is differs

Thanks Christian_Dahlqvist for your support,I tried using Fields in filebeat.It worked for me,

Below is the configuration which worked for me,

Filebeat 1:
------Filebeat inputs ----------

filebeat.inputs:

  • type: log
    enabled: True
    paths:
    • /var/century/cmui/logs/*.out
      fields: {log_type: cm}
      ---- Logstash output -----
      output.logstash:
      enabled: true
      hosts: ["XX.XX.XX.XX:5044"]

Filebeat 2:
------Filebeat inputs ----------

filebeat.inputs:

  • type: log
    enabled: True
    paths:
    • /var/century/centuryui/logs/*.out
      fields: {log_type: century}
      ---- Logstash output -----
      output.logstash:
      enabled: true
      hosts: ["XX.XX.XX.XX:5044"]

LOGSTASH CONFIGURATION

input {
beats {
port => 5044
}
}
output {
elasticsearch {
hosts => ["http://XX.XX.XX.XX:9200"]
user => "elastic"
password => "changeme"
sniffing => true
manage_template => true
index => "%{[fields][log_type]}-logs"
}
stdout
{
codec =>rubydebug
}
}


My logs are created intwo different index named cm-logs and century-logs.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.