hello
I have setup an ELK with 3 beats configurations for 3 different services : httpd,mysql,ibm MQ
<[root@elktest20 conf.d]# pwd
/etc/logstash/conf.d
[root@elktest20 conf.d]# ls
02-beats-mysql.conf 03.beats-mq.conf 04.beats-httpd.conf
[root@elktest20 conf.d]#/>
the 3 inputs are running on different ports : 5044 for mysql, 5045 for httpd,5046 for MQ.
I have also used 3 different indexes for each ports/services regarding the output:
e.g for MQ
<output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "filebeat-7.8.0-mq%"
}
stdout { codec => rubydebug }
}
/>
e.g for HTTPD
<output {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "filebeat-7.8.0-httpd-%"
}
stdout { codec => rubydebug }
}
/>
but when i crawl the logs in the kibana, it doesn't care about the index. I mean , for example, my MQ logs have the index filebeast-7.8.0-httpd when I expect to get filebeat-7.8.0-mq.
How is it possible and how to get the proper index associated to the expected port ?
I precise I use the good port configuration for my filebeat clients to send the logs to logstash