I currently have an ELK setup with my web server log events flowing into an index by the name "web-server-logs". When I start pushing metric beat events to this ELK setup, my web server log events and metric beat events end up flowing into each others the indexes.
How can I push both the events to their respective indexes only?
I am pushing the events using filebeat and metricbeat into logstash
It sounds like you may have multiple configuration files for Logstash that lack conditionals. All configuration files made available to Logstash will be concatenated, and if you do not use conditionals all data will go to all outputs.
can I use a if condition in the configuration for the output and specific the index in the output configuration?
If not, then where do I specify the conditional routing?
--gibu
There are examples in the documentation that show your how they are used.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.