I believe I figured it out. I'm not sure if it's the right way or an unusual way of doing it, but basically this is what my configs look like, and they yield two distinct indices, one per log file type:
filebeats.yml:
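# Two prospectors, one per log family. Each tags its events with a custom
# `log_type` field that the Logstash filter uses to pick the index.
# The nesting below was flattened in the original paste; without it the
# `paths` and `fields` keys do not belong to their prospector.
filebeat.prospectors:
  - input_type: log
    # NOTE(review): this glob ships every file matching *.log under /var/log;
    # confirm none of them carry data that should not leave the host.
    paths:
      - /var/log/*.log
    # Nested under `fields`, which is why Logstash reads [fields][log_type].
    fields:
      log_type: toolsmessage
  - input_type: log
    paths:
      - /etc/httpd/logs/ssl_access_*
    fields:
      log_type: toolsaccess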
test3.conf (logstash config file):
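# Receive events from Filebeat.
# NOTE(review): as written, this listener has no TLS or client authentication,
# so any host that can reach port 5043 can submit events. Enable the beats
# input's TLS settings or restrict the port at the network layer.
input {
  beats {
    port => "5043"
  }
}

# Map the Filebeat-supplied [fields][log_type] onto the event's `type`,
# which the output uses to build the index name.
filter {
  if ([fields][log_type] == "toolsmessage") {
    mutate {
      replace => {
        "[type]" => "toolsmessage"
      }
    }
  } else if ([fields][log_type] == "toolsaccess") {
    mutate {
      replace => {
        "[type]" => "toolsaccess"
      }
    }
  } else {
    # Neither known log_type: pin `type` to a fixed value so the index name
    # below never comes from a missing or sender-chosen `type` field.
    # "unclassified" is a constructed placeholder; pick your own name.
    mutate {
      replace => {
        "[type]" => "unclassified"
      }
    }
  }
}

output {
  elasticsearch {
    # NOTE(review): no credentials or TLS are configured for this connection;
    # add them if the cluster is reachable by anything other than this host.
    hosts => ["10.111.119.211:9200"]
    # With the filter above, this resolves to toolsmessage_index,
    # toolsaccess_index or unclassified_index. Without the fallback branch an
    # unset `type` would leave the literal text "%{type}_index" as the name.
    index => "%{type}_index"
  }
  #stdout { codec => rubydebug }
}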