Filebeat output setting on modules

esseti · August 4, 2020, 8:18am

Hello all,
I've two system one ELK for monitoring (Monitoring) and an ELK for auditing (Auditing)

On a machine, i've setup filebeat to send the output to Monitoring. that's fine.
Now,I 've to setup a filebaeat conf that for a specific file (called audit.log) the data are sent to the Auditing ELK, specifically to logstash, and not to the Monitoring.
So, in the end i've that all filebeat data are sent to Monitoring execpt audit.log that is sent to Auditing.

Is there a way to configure a module to read a file and send it to a specific output?
or what should be the approach for me?

MarianaD · August 4, 2020, 11:33am

hi @esseti, unfortunately, running multiple outputs in Filebeat is not supported.
As a workaround you could run two instances of it with the appropriate output configuration.

system · September 1, 2020, 1:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.