Conditional filebeat output to logstash

rrs · November 12, 2018, 2:35pm

Hi All,

We have done setup of ELK with 5.6.3 and filebeat-5.6.3 also installed on hosts to push logs. It is running fine. We need segregation for prod/dev indexes for which we have done another setup for my 'dev' environment logs and filebeat remained same on app hosts.

After went through several documentation I couldn't find the way. Our requirement is split the output to logstash i.e document_type 'prod' should go to production logstash/elasticsearch, while document_type 'dev' should go to dev logstash/elasticsearch.

Please suggest on this.

steffens · November 12, 2018, 9:04pm

Filebeat does not support multiple outputs, so to not accidentally couple production and dev environments. Normally users configure 2 filebeat instances in this case. One for production and another one for dev.

rrs · November 13, 2018, 2:26pm

Hi,

Thank you. We configured another filebeat yml file. Now, it is working as expected.

Topic		Replies	Views
Configure file beat to multiple output Beats filebeat	2	26872	July 1, 2020
Multiple Filebeat output Beats filebeat	2	406	October 24, 2019
How to output to multiple indexes straight from filebeat.yml Beats filebeat	2	1275	January 9, 2019
I need send different logs to different output destination, but why filebeat don't suport? Beats	5	3629	December 28, 2018
FilebeatのOutputに複数の定義を設定する日本語による質問・議論はこちら	3	2010	December 9, 2019

Conditional filebeat output to logstash

Related topics