Create folder to save logs from Filebeat

Donny_Nightfrost · April 5, 2019, 7:39am

Greetings, I have a simulation I wanted to try :

Filebeat (one agent or more) send logs to another machine (where Logstash located)
Logstash to receive the logs and do the filters
Logs will be saved on specified directory, e.g : /var/log/syslog

My question: Is it possible to make a directory for each agents / clients right after Logstash received the logs from FIlebeat so that the logs will be separated by host name? Thanks

Badger · April 5, 2019, 12:32pm

Filebeat includes the hostname in the events. You can use a sprintf reference in the output to refer to that hostname.

system · May 3, 2019, 12:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.