Contains condition on multiple index - Filebeat

graimato · March 3, 2021, 2:41pm

Hello,
I'm using filebeat to collect information from log but I need to slip them on different Indexes. To do this I'm using

indices:
    - index: "filebeat-%{[agent.version]}-api-%{+yyyy.MM.dd}"
      when.contains:
        message: "webapi"

I need to know if it is possible to check the condition when message contains host="myhost.site.com" (including quots)

I'm trying but it does not works may some help please
thanks for your time
best regards

mtojek · March 5, 2021, 10:29am

I'm not convinced if there is such condition. It would be nice if you can figure out a different way of determining traffic from that host. Maybe different log files?

graimato · March 8, 2021, 12:59pm

Yes there are different log file, but I did not find a way to filter on filename

system · April 5, 2021, 12:59pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat store under different index per host? Beats filebeat	6	1655	June 8, 2017
Filebeat output two conditions Beats filebeat	3	4766	July 9, 2018
Filebeat index pattern's hostname is missing Beats filebeat	3	1094	July 28, 2019
Index and template conditions Beats filebeat	1	197	December 20, 2023
Filebeat with multiple path and index Beats filebeat	8	792	May 6, 2024

Contains condition on multiple index - Filebeat

Related Topics