Define an index for weblogs being sent from Filebeat > Logstash > Elasticsearch

bradfordaemorton · February 14, 2019, 7:53am

How and where do I define an index for the weblogs being sent from Filebeat. Currently they are arriving as logstash-[thedate] which is not ideal.

Badger · February 14, 2019, 1:07pm

In the logstash configuration, the default index used by an elasticsearch output is "logstash-%{+YYYY.MM.dd}". You are free to change that.

bradfordaemorton · February 14, 2019, 8:36pm

Thanks for the help. Should I update my outputs with:

ilm_enabled => true
index: "weblogs"

Or do I need to define other things?

My outputs is:

echo “” > first-pipeline.conf

vim first-pipeline.conf

input {

beats {

port => "5044"

}

filter {

grok {

match => { "message" => "%{COMBINEDAPACHELOG}"}

}

geoip {

source => "clientip"

}

output {

elasticsearch {

hosts => [ "localhost:9200" ]

}

bradfordaemorton · February 14, 2019, 9:14pm

You can disregard. I did some tweaking and it is now working with:

index => web_logs

system · March 14, 2019, 9:14pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash output from filebeat. What is 'index' configuration option? Beats filebeat	2	408	January 16, 2020
Multiple ElasticSearch Indexes in Logstash Output Logstash	2	2224	July 6, 2017
Logstash keep logging into default index Logstash	6	1127	July 6, 2017
How to use the index specified in Filebeat in logstash.yml? Beats filebeat	3	439	September 18, 2018
Filebeat does not set the index for logstash output even after providing index name in filebeat Beats	4	1203	December 30, 2016