Hi All,
I Have multiple types of all log in a file
{z: "a", "id: "x", "name": "Y", "source": "app-name"}
{log: "a", "id: "x", "name": "Y", "amt": 100}
I want to filter the logs and send them to different elastic search indexes.
And also in the same instance using the filebeat i want to send traefik logs.
Is this possible.
My right now not working filebeat config is below.
filebeat.inputs:
- type: log
paths:
- /var/log/app/log-1.log
json.keys_under_root: true
json.add_error_key: true
json.message_key: log
fields_under_root: true
encoding: plain
enabled: true
exclude_lines: ['.*feedback.*']
exclude_lines: ['.*traefik.*']
fields:
server: gokul-1
tags: ["json"]
- type: log
paths:
- /var/log/traefik/access.log
fields:
server: traefik
output.elasticsearch:
hosts: ["https://elastic"]
username: ""
index: "gokul-test-%{+yyyy.MM.dd}"
indices:
- index: filebeat-7.6.2-%{+yyyy.MM.dd}"
when.equals:
server: traefik
password: ""
setup.template:
name: "gokul-test"
pattern: "gokul-test-*"
path: /var/log/gokul/access.log
setup.ilm.enabled: false
filebeat.config.modules:
path: ${path.config}/modules.d/*.yml
Here all logs are being pushed to gokul-test index.