I have two locations, and soon multiple more will be added. Since the Elastic Stack by default does not have multitenancy, I am planning to install multiple Logstash instances, one at every location, which eventually will gather the data in the same Elastic instance. Assuming I have LOC-A and LOC-B with logstash-loc-A and logstash-loc-B installed respectively, how do I create different indexes for those locations and then create the different dashboards accordingly? I need to keep those completely separate. Maybe tagging will help?
Just create an index pattern of logstash-loca-YYYY and logstash-locb-YYYY (or whatever).
Or.
If the systems are the same in each location, then just send to the default index pattern and use tags.
OK - multitenancy means I will be accepting logs from different Logstash instances, and I wanted to know if multiple Elastic instances can be created or not. Like, I have different business partners and customers, and let's say I am planning for multiple Logstash instances for those, but I will have the same Elastic at my end and don't wanna go for multiple Elastic instances for those multiple Logstash servers.
We can monitor that Elastic instance centrally but need to create completely different dashboards for those partners and customers. Like Customer-VA, Partner-WA, Customer-NY, Partner-LON, this way.
Absolutely, and thanks for that. In that case, I am not so versed with Logstash parsers; would you please guide me on templates? I mean, since I will be creating different indices, I would definitely need different templates as well?
I find the easiest way is just to use an index pattern like logstash-SOMETHING-YYYY, define your own SOMETHING value, and then let the default template apply. After a while, you can then take the mappings and then optimise them.
Optimising depends on what you end up with. I'd let things run for a few days and then create a new template based on what is being created. Do things like removal of text fields in favour of keyword, making sure numbers are mapped correctly etc.
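The template tidy-up described in the last reply, sketched as an added example (not code from any poster in this thread or from Elastic). It assumes the mapping was fetched from a running `logstash-SOMETHING-YYYY` index and that the result is loaded as a composable index template; the function names, the sample mapping and the `loca` location value are constructed for illustration.

```python
import copy
import json

KEYWORD = {"type": "keyword", "ignore_above": 256}

def optimise_properties(props, keep_text=("message",), numeric=None, prefix=""):
    """Return a tightened copy of a dynamically created `properties` dict.

    text fields become keyword unless listed in keep_text; fields listed in
    `numeric` (dotted path -> type) are forced to that numeric type.
    """
    numeric = numeric or {}
    out = {}
    for name, spec in props.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into sub-fields
            new = {k: v for k, v in spec.items() if k != "properties"}
            new["properties"] = optimise_properties(
                spec["properties"], keep_text, numeric, path + ".")
            out[name] = new
        elif path in numeric:  # number that was indexed as a string
            out[name] = {"type": numeric[path]}
        elif spec.get("type") == "text" and path not in keep_text:
            out[name] = dict(KEYWORD)  # drop full-text analysis
        else:
            out[name] = copy.deepcopy(spec)
    return out

def build_template(location, mapping, **kwargs):
    """Build an index template body scoped to one location's indices."""
    props = optimise_properties(mapping["properties"], **kwargs)
    return {
        "index_patterns": [f"logstash-{location}-*"],
        "template": {"mappings": {"properties": props}},
    }

# Constructed sample of what dynamic mapping tends to produce.
TEXT_KW = {"type": "text", "fields": {"keyword": dict(KEYWORD)}}
SAMPLE_MAPPING = {"properties": {
    "@timestamp": {"type": "date"},
    "message": {"type": "text"},
    "status": dict(TEXT_KW),
    "bytes": dict(TEXT_KW),
    "host": {"properties": {"name": dict(TEXT_KW)}},
}}

if __name__ == "__main__":
    body = build_template("loca", SAMPLE_MAPPING, numeric={"bytes": "long"})
    print(json.dumps(body, indent=2))
```

A changed field type only takes effect in indices created after the template is loaded, so existing indices keep their old mappings until they roll over or are reindexed.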