Hi ,
Logstash can transfer logs to elasticsearch and fillebeat can transfer to logstash then elasticsearch . so if we will use logstash and ignore the filebeat in client machine . Is it ok or any special reason to add filebeat in client box.
Hi,
First what are you doing with filebeat or logstash ? Are you just sending to ES without parsing them?
Bascially filebeat is light weight shipper which will send the logs from different sources to one. Logstash is mainly used to parse those logs as per your needs. You can do the parsing in filebeat but not that great as logstash do.
Thanks
Hi ,
Thanks for responding . I am using logstash and reading the file and then sending file to ES and trying to make the different idex for diff logs files but that is not happening . below is my logstash config file .
nput {
file {
path => [ "/was/AppServer/profiles/Dmgr01/logs/dmgr/*.log" ]
start_position => "beginning"
type => "Dmgr01"
ignore_older => "8640000"
}
file {
path => [ "/was/AppServer/profiles/AppSrv01/logs/nodeagent/*.log" ]
start_position => "beginning"
type => "AppSrv01"
ignore_older => "8640000"
}
}
filter {
if [type] == "SystemOut.log" {
grok {
match => { "message" => "%{%{DATESTAMP} %{GREEDYDATA}" }
}
}
}
output {
if [type] == "Dmgr01" {
elasticsearch{
hosts => ["x.x.x.x:9200"]
index => "Hostname_Dmgr01"
}
}else if [type] == "AppSrv01" {
elasticsearch{
hosts => ["x.x.x.x:9200"]
index => "Hostname_AppSrv01"
}
}else {
elasticsearch{
hosts => ["x.x.x.x:9200"]
}
}
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.