Hello there
I would like to know if it is possible to generate more than one "logstash" index for different service logs coming from different services within same server. This is because I have multiple services running on single server and I would want to retain logs only for some services "indefinitely" while logs from some other services can be deleted after certain period of time. I came across Curator which provides the option of deleting logstash indices based on index age and name.
Now, if all the logs from different service within a server is streamed to elasticsearch as one single index (see below) it may not be possible for me to retain only some logs and delete others because I will have to run curator on entire index which is in the format, say -
output {
elasticsearch {
hosts => "localhost:9200"
index => "logstash-%{+YYYY.MM.dd}"
}
}
Let me know if it can be achieved.
Thanks!