Is it possible to save winlogbeat output and metricbeat output to same index in elasticsearch ?
if yes, what do i need to do for that ?
Yes, you can do that by defining the same index in the Elasticsearch output for both Beats. But I would strongly recommend against it as the two could have conflicting data fields.
Can you share a bit more what you are trying to do? If it's just querying the data together, you can do that without having them in the same index.
I want to monitor the Beats output using Elasticsearch and the Java API. For that I want to simplify the querying, so I am thinking of combining them into a single index, so there is no need to create a separate query for each index.
You can run a single query against multiple indices. So there should be no need to combine both.
I didn't know that. How can I do that?
How do I get all the data from 2 indices together?
For 1 query it's like below, I know that:
GET metricbeat/_search
{
"query": {
"match_all": {}
}
}
Try
GET *beat/_search
{
"query": {
"match_all": {}
}
}
I tried
POST *beat/_search
{
  "size": 9999,
  "query": {
    "bool": {
      "must": [
        { "range": { "@timestamp": { "gte": "05-11-2018 08-09", "lte": "05-11-2018 08-09", "format": "MM-dd-yyyy HH-mm" } } }
      ]
    }
  }
}
but I get only metricbeat index data. I didn't get winlogbeat data.
Can you paste the list of indices here, by running cat indices: https://www.elastic.co/guide/en/elasticsearch/reference/current/cat-indices.html ?
Can you try to run the above query without the range part, just match_all, and see if you get results?
yellow open winlogbeat sYKj8XUfTCSbOy1auHcojQ 5 1 33788 0 32.5mb 32.5mb
green open .kibana bs2HrAO8Q3WBSI3KtoE4sw 1 0 3 0 38.5kb 38.5kb
yellow open metricbeat 2E9LxwXvSmixetmtb3tbOA 5 1 1395669 0 620.2mb 620.2mb
It's my cat indices result.
I checked without the range, by calling get all records. Still I didn't get data from winlogbeat.
This is strange. Can you share a result output? Did you check all results or only the first top x?
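One way to settle the question asked above (did the multi-index query really return nothing from winlogbeat, or did the winlogbeat hits simply not make it into the first 9999 results?) is to let Elasticsearch count hits per index instead of scanning `hits.hits` by hand. The following is an added example, not code from the thread or from Elastic: it builds the `*beat/_search` body with the same `@timestamp` range as the post above, adds a `terms` aggregation on the built-in `_index` field so the response reports a document count for every index the pattern matched, and then reads those counts back. The index pattern, the `by_index` aggregation name, the `run_search` helper and the `SAMPLE_RESPONSE` document are all constructed for this example; the response is shaped after the thread's symptom (only metricbeat contributes), so the script runs offline.

```python
import json
import urllib.request
from typing import Dict, List

# Added example, not from the original thread. Index pattern and the sample
# response below are constructed for illustration.
INDEX_PATTERN = "*beat"


def build_beats_query(gte: str, lte: str,
                      fmt: str = "MM-dd-yyyy HH-mm", size: int = 10) -> dict:
    """Return a _search body for one request across all indices matching the pattern.

    The range sits in bool.filter (a time window needs no relevance scoring), and
    the terms aggregation on the virtual _index field counts matching documents per
    index regardless of how many hits are actually returned in hits.hits.
    """
    return {
        "size": size,
        "query": {
            "bool": {
                "filter": [
                    {"range": {"@timestamp": {"gte": gte, "lte": lte, "format": fmt}}}
                ]
            }
        },
        "aggs": {
            # "by_index" is our own bucket name; _index is a built-in field.
            "by_index": {"terms": {"field": "_index", "size": 50}}
        },
    }


def search_path() -> str:
    """URL path for the multi-index search, e.g. POST /*beat/_search."""
    return f"/{INDEX_PATTERN}/_search"


def run_search(base_url: str, body: dict) -> dict:
    """Send the body to a live cluster (hypothetical helper; not called offline)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + search_path(),
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


def hits_per_index(response: dict) -> Dict[str, int]:
    """Map index name -> number of documents that matched, from the aggregation."""
    buckets = (response.get("aggregations", {})
                       .get("by_index", {})
                       .get("buckets", []))
    return {b["key"]: b["doc_count"] for b in buckets}


def missing_indices(expected: List[str], response: dict) -> List[str]:
    """Names from `expected` that contributed zero documents to the response."""
    counts = hits_per_index(response)
    return [name for name in expected if counts.get(name, 0) == 0]


# Constructed sample response modelled on the thread: the pattern matched both
# indices, but only metricbeat documents fall inside the queried window.
SAMPLE_RESPONSE = {
    "hits": {"total": 1395669, "hits": []},
    "aggregations": {
        "by_index": {
            "buckets": [
                {"key": "metricbeat", "doc_count": 1395669},
            ]
        }
    },
}

if __name__ == "__main__":
    body = build_beats_query("05-11-2018 08-09", "05-11-2018 08-09")
    print("POST", search_path())
    print(json.dumps(body, indent=2))
    print("hits per index:", hits_per_index(SAMPLE_RESPONSE))
    print("indices with no hits:",
          missing_indices(["metricbeat", "winlogbeat"], SAMPLE_RESPONSE))
```

If `missing_indices` reports `winlogbeat` even with the range removed, the problem is not the `size` cap but the index itself (wrong pattern, or the `@timestamp` field missing or mapped differently in that index); if it is empty while a `size`-limited hit list still shows only metricbeat, the winlogbeat documents are simply ranked below the first 9999 equal-scored hits, and the aggregation is the right way to confirm both indices are being read in one query.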