Create different Indices for different filebeat folder location

SumitV · May 18, 2018, 11:31am

Hi There,
I have different application logs sitting in different folders, for instance
../ABC/.logs
../XYZ/.logs

In this case filebeat should take generate events for multiple location and according to these location my indexes should be created in elasticsearch.

So for above scenario elasticsearch should have two indexes with name "abc" and "xyz".

What configuration shall we have and where?

My conf file currently has below details.

input {
beats {
port => "5044"
}
}
filter {
grok{
match => {"message" => "%{TIMESTAMP_ISO8601:timestamp} [%{NUMBER:number}] %{LOGLEVEL:loglevel} %{DATA:file} - (?(.|\r|\n))"}
}
date {
match => [ "timestamp", "YYYY-MM-dd HH:mm:ss,SSS"]
}
}
output {
elasticsearch {
hosts => [ "localhost:9200" ]
user => "elastic"
password => "&^&%"
index => "abc"
}
}

Thanks,
Sumit

warkolm · May 20, 2018, 9:08am

You will need to parse the source path and then use that in the output section.

SumitV · May 21, 2018, 10:55am

Thanks Mark. Can you provide some example, i am not able to understand how we need to set the two paths.
I guess, you are asking to change filebeat.yml file. Do you want me to add another path in paths section? If yes, then how logstash will identify for 2nd path which new indexes needs to create?

Thanks,
Sumit.

system · June 18, 2018, 11:07am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Create several Index from same filebeats source Logstash	3	273	July 17, 2019
Create Multiple Indexes from filebeat Logstash	3	1530	September 30, 2021
How to Create Different index for different Logpaths Logstash	4	278	May 8, 2020
How to create multiple index from file beat log input in log-stash config Beats filebeat	9	2988	May 6, 2019
Filebeat with multiple path and index Beats filebeat	8	833	May 6, 2024

Create different Indices for different filebeat folder location

Related topics