Different types of json logs to different ES indices without using Logstash

Hi,

I have two different types of json logs (with different fields) which I need to send to two different ES indices. I want to avoid having to setup Logstash just to do this via conditional processing or having to install separate instances of Filebeat. Is this possible with version 6.x?

I have looked at these previous questions: Multiple elasticsearch output configuration and Output different prospectors' logs to different Elasticsearch indices? - just checking if things have improved since then.

I wonder if indices config option is the feature you are looking for? https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#_literal_indices_literal

I did check that link before and I thought it was exactly what I was after. However, the key point here is that the fields of the two logs is entirely different and this link gives me the impression that the input structure is same; it just creates separate indices based on separate criteria - sort of like creating separate tables based on separate "where" clauses but the fields are same.

Please correct me if my impression is wrong.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.