Thanks for your reply.
Logstash configuration :
input {
file{
path => "/usr/local/apps/monitoring/monitor.log"
add_field => {"iname" => "monitor"}
codec => "json"
}
beats {
port => 5044
codec => "json"
congestion_threshold =>30
add_field => {"iname" => "bee"}
}
beats{
port => 5045
codec => "json"
add_field => {"iname" => "mis"}
}
}
filter {
mutate {
remove_field => [ "fields","input_type" , "offset","host","beat","n","h","p","v","l" ]
}
date {
match => [ "t", "ISO8601","UNIX_MS" ]
}
if [iname] == "mis" {
geoip {
source=> ip
}
}
}
output {
if [iname] == "bee" {
elasticsearch { hosts => ["SERVER-IP"]
document_id => "%{[j][cid]}-%{[j][msgid]}"
index => "logstash-%{[iname]}-%{+YYYY.MM.dd}"
workers => 8
}
} else {
elasticsearch { hosts => ["SERVER-IP"]
index => "logstash-%{[iname]}-%{+YYYY.MM.dd}"
workers => 8
}
}
}
Filebeat configuration :
filebeat.prospectors:
paths:
- /usr/local/apps/myAppp/log/log.*
input_type: log
ignore_older: 24h
output.logstash:
hosts: ["SERVER-IP"]
worker: 4
logging.level: warning
logging.to_files: false
logging.to_syslog: false
Please let me know if I need to share the configurations we were using in earlier versions. Will share them too.