I have some custom grok in logstash conf.d directory. That grok split /home/local/example/example.log path data. I wish - /var/log/*.log path data will be split via filebeat system module and /home/local/example/example.log path data will be split via custom grok.
If I configue filebeat.yum like
output.logstash:
hosts: ["192.168.10.1:5044"]
/home/local/example/example.log path data split field:
"Class" => "c.n.s.s.SmsGatewayService:331"
"source" => "/home/local/example/example.log",
"@timestamp" => 2018-10-03T09:35:57.404Z,
"Thread" => "http-nio-8080-exec-6",
"host" => {
"name" => "vm1"
},
But I configure filebeat like
setup.kibana:
host: "192.168.10.1:5601"
output.elasticsearch:
hosts: ["192.168.10.1:9200"]
/home/local/example/example.log path data will not be split:
message:xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.
I need to split module data and custom path data via output elasticsearch and kibana host.
Thanks for help me