How and where do I define an index for the weblogs being sent from Filebeat? Currently they are arriving as logstash-[thedate], which is not ideal.
In the logstash configuration, the default index used by an elasticsearch output is "logstash-%{+YYYY.MM.dd}". You are free to change that.
Thanks for the help. Should I update my outputs with:
ilm_enabled => true
index: "weblogs"
Or do I need to define other things?
My output is:
echo "" > first-pipeline.conf
vim first-pipeline.conf
input {
  beats {
    port => "5044"
  }
}
filter {
  grok {
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  geoip {
    source => "clientip"
  }
}
output {
  elasticsearch {
    hosts => [ "localhost:9200" ]
  }
}
You can disregard. I did some tweaking and it is now working with:
index => web_logs
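For reference, an added example (not posted by anyone in this thread) of the output section with a custom index, next to the ILM form asked about above. The names `weblogs` and `weblogs-policy` are assumptions for illustration; the policy would have to exist in Elasticsearch already.

```logstash
# Added example. Use ONE of the two options; two active elasticsearch
# outputs in the same pipeline would index every event twice.

# Option A: plain daily indices with a custom name.
output {
  elasticsearch {
    hosts       => [ "localhost:9200" ]
    # Explicitly off, so the index setting below decides the name.
    ilm_enabled => false
    # Same sprintf date form as the default "logstash-%{+YYYY.MM.dd}".
    # Elasticsearch index names must be lowercase.
    index       => "weblogs-%{+YYYY.MM.dd}"
  }
}

# Option B: index lifecycle management. Events are written to the
# rollover alias; if both index and ilm_rollover_alias are specified,
# ilm_rollover_alias takes precedence.
#
# output {
#   elasticsearch {
#     hosts              => [ "localhost:9200" ]
#     ilm_enabled        => true
#     ilm_rollover_alias => "weblogs"          # assumed alias name
#     ilm_pattern        => "{now/d}-000001"   # plugin default pattern
#     ilm_policy         => "weblogs-policy"   # assumed, must already exist
#   }
# }
```

The resulting names can be checked with `GET _cat/indices/weblogs*` once events are flowing.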