Hi There,
I have different application logs sitting in different folders, for instance
../ABC/.logs
../XYZ/.logs
In this case Filebeat should generate events for multiple locations, and according to these locations my indexes should be created in Elasticsearch.
So for the above scenario, Elasticsearch should have two indexes with the names "abc" and "xyz".
What configuration shall we have and where?
My conf file currently has the below details.
input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} [%{NUMBER:number}] %{LOGLEVEL:loglevel} %{DATA:file} - (?(.|\r|\n))"}
  }
  date {
    match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
  }
}
output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
    user => "elastic"
    password => "&^&%"
    index => "abc"
  }
}
Thanks,
Sumit
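
One way to get an index per log folder, as an added example that is not part of the original post: tag each Filebeat input with a custom field and let the Logstash output build the index name from it. The field name `app`, the file paths and the Logstash host are placeholders, and the `filebeat.inputs` / `type: log` syntax is an assumption about the Filebeat version in use (older releases use `filebeat.prospectors` with `input_type`).

```yaml
# filebeat.yml (added example; paths, host and the "app" field name are placeholders)
filebeat.inputs:
  # One input per application folder, each carrying its own tag.
  - type: log
    paths:
      - /path/to/ABC/*.log        # placeholder for the ABC log location
    fields:
      app: abc                    # keep lowercase: Elasticsearch index names must be lowercase
  - type: log
    paths:
      - /path/to/XYZ/*.log        # placeholder for the XYZ log location
    fields:
      app: xyz

output.logstash:
  hosts: ["LOGSTASH_HOST:5044"]   # placeholder host; 5044 matches the beats input port

# Logstash side (pipeline .conf, shown here as comments because it is not YAML):
# custom fields arrive nested under "fields", so in the elasticsearch output replace
#   index => "abc"
# with
#   index => "%{[fields][app]}"
# Events from the first input then land in index "abc", the second in "xyz".
```

If an event reaches Logstash without the `app` field, the index name is left as the literal text `%{[fields][app]}`, so guard the output with a conditional or set a default value in the filter block.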