We have done setup of ELK with 5.6.3 and filebeat-5.6.3 also installed on hosts to push logs. It is running fine. We need segregation for prod/dev indexes for which we have done another setup for my 'dev' environment logs and filebeat remained same on app hosts.
After went through several documentation I couldn't find the way. Our requirement is split the output to logstash i.e document_type 'prod' should go to production logstash/elasticsearch, while document_type 'dev' should go to dev logstash/elasticsearch.
Filebeat does not support multiple outputs, so to not accidentally couple production and dev environments. Normally users configure 2 filebeat instances in this case. One for production and another one for dev.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.