Divided data to many index in output logstash

thachnv92 · December 26, 2018, 7:53am

Hello,
I want to config logstash to push in 2 index 1 day.
If date time in logs between 00:00 to 11:59, I want to push it in index logstash-%YYYY.MM.dd-1.
If date time in logs between 12:00 to 23:59, I want to push it in index logstash-%YYYY.MM.dd-2.

Please help me with this solution.
Thank you.

thachnv92 · December 26, 2018, 10:08am

I did it well.
Logs example:
> Aug 10 10:41:15 server001 haproxy[1889]: 107.113.167.5:32075
> Aug 10 15:41:15 server001 haproxy[1889]: 107.113.167.5:32075

I use config as below:
logstash config

system · January 23, 2019, 10:08am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.