Hello,
I am ELK cluster v8 with filebeat v8.1.0 ot ship application logs.
I have 2 different indices one for proxy and the other for owa.
The name of the indices are:
- filebeat-8.1.0 for proxy logs
- filebeat-8.1.0-owa for owa logs
logs config:
if [type] == "filebeat" {
elasticsearch {
hosts => [" "]
cacert => ' '
user => "elas"
password => ""
index => "filebeat-8.1.0"
action => "create"
}
}
else if [type] == "owa"
elasticsearch {
hosts => [ " "]
cacert => ' '
user => "elas"
password => " "
index => "filebeat-8.1.0-owa"
action => "create"
}
}
The owa filebeat is writting to proxy filebeat but not vice versa.
dataviews:
filebeat-*
filebeat-8.1.0-owa*
is it related to the index name that is considering filebeat-8.1.0-owa is being a sub of filebeat-*
how to solve this issue and let each one write to its own index.
Thanks,