Hi,
How can I filter data from different IP addresses to different indexes on the same elastic search.
Sample below:
input {
udp {
port => 514
type => syslog
}
}
filter {
}
output {
elasticsearch {
hosts => ["xxxx:9200"]
index => "abc"
}
}
If you want a different index for each IP, then in the output filter you can use a field reference, such as
index => "%{ip}"
However, depending on your data, that may end up with a large number of small indexes, which may cause performance problems. For most data sets this is not going to be a good approach.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.