Filebeat output to multiple ElasticSearch

algilber · April 16, 2019, 5:28pm

Hi,
I have a server RHEL7 with filebeat client installed. I want to send the syslog to a cluster of ElasticSearch (elk01) and the logs of Nginx to another one (elk02). What's the config for that. The first one wotk great. But I don't know how to configure the module for Nginx.

module: nginx
setup.kibana.host: ["elk02:5601"]
output.elasticsearch.hosts: ["elk02:2900"]

Access logs

access:
enabled: true
var.paths: ["/var/log/nginx/*_access.log"]

Error logs

error:
enabled: true
var.paths: ["/var/log/nginx/*_error.log"]

Thanks !

Ryne_Keel · April 16, 2019, 5:49pm

It sounds like you have two different clusters? If so, then I would try to find a post about running multiple filebeats from the same directory. Basically then you just start filebeat twice and point each one to a different config file.

So you would have something like syslog.yml and nginx.yml inside of the filebeat directory, and then in the modules .yml files just specify the access and error logs part like you already did, but put the kibana.host and elasticsearch.hosts settings inside of the configuration files in the filebeat directory

system · May 14, 2019, 5:49pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to configure ELK to receive logs from multiple servers Logstash	4	1687	February 24, 2021
Multiple filebeat output to ES and Logstash Beats filebeat	3	1535	November 14, 2019
Filebeat sending two logs in nginx module Beats filebeat	2	280	September 1, 2021
Syslog and filebeat assistance request Beats filebeat	25	3460	October 17, 2019
Several filebeat installations on a Kibana / Elasticsearch server in one log file Beats filebeat	4	197	December 12, 2022

Filebeat output to multiple ElasticSearch

Access logs

Error logs

Related topics