Create several Index from same filebeats source

robymemo · June 17, 2019, 4:40pm

Hi to all,

i'm newbi on this tecnology.
I'm trying to generate 2 different index basing on the same input files from beats.

My basic configuration (1) (working) create the index 'log_reporti_YYYYMM' taking all the '.log' files from the path '/var/log/' (dir configured as input in the filebeats conf file) .

Now I would to take some files from a subfolder (es. '/var/log/test_path_log/) that should fill a new index .
I tryed to modify the configuration (2) but not work properly. Anyone can help me ?

thanks in advance

(1)
input {
beats {
port => 5044
type => "beats"
}
}

output {

if [type] == "beats"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_reporti-%{+YYYY.MM}"
}
}
}

(2)
input {
beats {
port => 5044
type => "beats"
}
file {
path => "/var/log/temp_tst/."
type => "fbeats2"
}

file {
path => "/var/log/*.log"
type => "fbeats"
}

}

output {

if [type] == "fbeats"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_reporti-%{+YYYY.MM}"
}
}

if [type] == "fbeats2"
{
elasticsearch {
hosts => [ "http://localhost:9200" ]
index => "log_repo_testo-%{+YYYY.MM}"
}
}
}Preformatted text

Badger · June 17, 2019, 4:53pm

You really need to use markdown to preserve characters such as * and _ in your posts. Edit you post, select the configuration and click on </> in the toolbar above the edit pane. Then check that your post looks correct in the preview pane to the right.

robymemo · June 19, 2019, 12:50pm

any help ??

system · July 17, 2019, 12:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.