Filebeat output setting on modules

esseti · August 4, 2020, 8:18am

Hello all,
I've two system one ELK for monitoring (Monitoring) and an ELK for auditing (Auditing)

On a machine, i've setup filebeat to send the output to Monitoring. that's fine.
Now,I 've to setup a filebaeat conf that for a specific file (called audit.log) the data are sent to the Auditing ELK, specifically to logstash, and not to the Monitoring.
So, in the end i've that all filebeat data are sent to Monitoring execpt audit.log that is sent to Auditing.

Is there a way to configure a module to read a file and send it to a specific output?
or what should be the approach for me?

MarianaD · August 4, 2020, 11:33am

hi @esseti, unfortunately, running multiple outputs in Filebeat is not supported.
As a workaround you could run two instances of it with the appropriate output configuration.

system · September 1, 2020, 1:33pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat's module using Logstash Beats filebeat	6	3703	November 30, 2017
Auditbeat inputs question Beats auditbeat	3	324	July 6, 2023
Configure many outputs for filebeat Beats filebeat	3	303	April 22, 2019
Multiple Filebeat output Beats filebeat	2	324	October 24, 2019
Auditbeat with multiple outputs Beats auditbeat	3	1059	November 4, 2022

Filebeat output setting on modules

Related topics