Create several Index from same filebeats source

Hi to all,

i'm newbi on this tecnology.
I'm trying to generate 2 different index basing on the same input files from beats.

My basic configuration (1) (working) create the index 'log_reporti_YYYYMM' taking all the '.log' files from the path '/var/log/' (dir configured as input in the filebeats conf file) .

Now I would to take some files from a subfolder (es. '/var/log/test_path_log/) that should fill a new index .
I tryed to modify the configuration (2) but not work properly. Anyone can help me ?

thanks in advance

(1)
input {
beats {
port => 5044
type => "beats"
}
}

output {

if [type] == "beats"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_reporti-%{+YYYY.MM}"
}
}
}

(2)
input {
beats {
port => 5044
type => "beats"
}
file {
path => "/var/log/temp_tst/."
type => "fbeats2"
}

file {
path => "/var/log/*.log"
type => "fbeats"
}

}

output {

if [type] == "fbeats"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_reporti-%{+YYYY.MM}"
}
}

if [type] == "fbeats2"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_repo_testo-%{+YYYY.MM}"
}
}
}Preformatted text

You really need to use markdown to preserve characters such as * and _ in your posts. Edit you post, select the configuration and click on </> in the toolbar above the edit pane. Then check that your post looks correct in the preview pane to the right.

any help ??

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.