Divided data to many index in output logstash

thachnv92 · December 26, 2018, 7:53am

Hello,
I want to config logstash to push in 2 index 1 day.
If date time in logs between 00:00 to 11:59, I want to push it in index logstash-%YYYY.MM.dd-1.
If date time in logs between 12:00 to 23:59, I want to push it in index logstash-%YYYY.MM.dd-2.

Please help me with this solution.
Thank you.

thachnv92 · December 26, 2018, 10:08am

I did it well.
Logs example:
> Aug 10 10:41:15 server001 haproxy[1889]: 107.113.167.5:32075
> Aug 10 15:41:15 server001 haproxy[1889]: 107.113.167.5:32075

I use config as below:
logstash config

Topic		Replies	Views
Logstash output to create an index based on 2 hour data Logstash	2	982	October 29, 2019
Change Logstash Reindex Time Logstash	2	273	August 18, 2022
How can I create 12h based index in logstash Logstash	3	601	October 22, 2017
Is it possible to create two index for the same day using logstash templete Logstash	8	853	September 25, 2019
Logstash put all apache log entries into one index with the current date in kibana Logstash	12	907	August 22, 2019

Divided data to many index in output logstash

Related topics