Hello,
I'm using filebeat to collect information from log but I need to slip them on different Indexes. To do this I'm using
indices:
- index: "filebeat-%{[agent.version]}-api-%{+yyyy.MM.dd}"
when.contains:
message: "webapi"
I need to know if it is possible to check the condition when message contains host="myhost.site.com" (including quots)
I'm trying but it does not works may some help please
thanks for your time
best regards
I'm not convinced if there is such condition. It would be nice if you can figure out a different way of determining traffic from that host. Maybe different log files?
Yes there are different log file, but I did not find a way to filter on filename
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.