Hi there guys
I'm configuring collectd to gather info from my docker containers, so far so good, but I'd like the to have a descriptive index name, now it's called like bellow, which was created automatically, I'd like to have something like collectd-DATE-FORMAT
yellow open %{[@metadata][beat]}-2016.11.08 5 1 86550 0 10.9mb 10.9mb
I created an input file like this:
input {
udp {
port => 25826
buffer_size => 1452
codec => collectd { }
}
}
and got an output like this which works with filebeat and metricbeat:
cat 30-output.conf
output {
elasticsearch {
hosts => ["server-name"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
What am I missing
Thanks in advance
Regards
If you set a type for your collectd event (e.g. type => "collectd" in your input declaration) you can add a conditional in your output block to choose between two elasticsearch output. One if it's a collectd message and another one for Beats messages. Or, name the index after the beat name if available and otherwise store the events elsewhere:
output {
if [@metadata][beat] {
elasticsearch {
hosts => ["server-name"]
sniffing => true
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
} else {
elasticsearch {
hosts => ["server-name"]
sniffing => true
manage_template => false
index => "collectd-%{+YYYY.MM.dd}"
document_type => "collectd"
}
}
}
Thank you very much, very kind of U.
Regards
Hi,
I get this error when starting logstash, just copy/paste the example above, only replaced with the correct server name.
{:timestamp=>"2016-11-08T14:45:24.664000-0600", :message=>"Error: Expected one of #, if, ", ', } at line 43, column 25 (byte 985) after output {\n if [@metadata][beat] {", :level=>:error}
Thank you!
There's a double opening brace on the second line. I've corrected the previously posted snippet.