Elasticsearch index based on source field

Robert_Kovacs · August 17, 2017, 2:41pm

Hi! I would like to know if I could output to a different elasticsearch index based on my logs source field? In the sources I have unique identifiers and I would like to make indexes with these identifiers.

magnusbaeck · August 17, 2017, 7:41pm

Yes, just reference the field name in the elasticsearch output's index option.

https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html#logstash-config-field-references

Also:

system · September 14, 2017, 7:41pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Outputting into different indices based on source Logstash	1	229	October 25, 2019
Field reference from _source for conditional output Logstash docker	5	573	October 21, 2021
Does multiple indices in output work? Logstash	1	946	July 6, 2017
Logstash output to Elasticsearch name index based on field? Logstash	12	2712	March 23, 2021
Creating dynamic elastic seach indices using a json field Logstash	2	585	September 6, 2017

Elasticsearch index based on source field

Related topics