Hi,
I have a multiple input and output:
input is gelf and output for that is log that in to elastic.
input is a syslog and output is in to elastic.
But what hapens is that some gelf are send in to my syslog output. Is there option how to define on syslog output that if the log that is send on this output is not in type syslog drop it?
Can I somehow define that these seccond output is only for syslog logs?
Thanks
Your best bet would be to use tags. Type is not reliable for this specific use case.
input {
udp {
port => 5515
tags => [ "syslog" ]
}
gelf {
tags => [ "gelf" ]
}
}
filter {}
output {
# if you want to use different indices
if "syslog" in [tags] {
elasticsearch {
hosts => []
index => "syslog-%{+YYYY.MM.dd}"
user => "elastic"
password => "PASSWORD"
}
}
if "gelf" in [tags] {
elasticsearch {
hosts => []
index => "gelf-%{+YYYY.MM.dd}"
user => "elastic"
password => "PASSWORD"
}
}
}Hi,
thank you very much this solved my problem.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.