Help: Only winlogbeat index with date being created

roman-tasi · March 22, 2022, 7:43am

This is my current output:

output {

        if [type]=="syslog" {
                elasticsearch {
                hosts => ["localhost:9200"]
                index => "logstash-%{+yyyy.MM.dd}"
                }
        stdout { codec => rubydebug }
        file { path => "/etc/logstash/logstash-data/%{logstash}.%{+YYYY.MM.dd}" }
        }

        if [type]=="winlogbeat" {
                elasticsearch {
                hosts => ["localhost:9200"]
                index => "winlogbeat-%{+yyyy.MM.dd}"
                }
        stdout { codec => rubydebug }
        file { path => "/etc/logstash/logstash-data/%{winlogbeat}.%{+YYYY.MM.dd}" }
        }
}

However I am creating a winlogbeat-2022.03.21 index and a logstash index. In other words, only the winlogbeat index has the date. Can anyone tell me why or show me how to fix this?

Also this is my current date field in my filter:

date {
            match => [ "[sslvpn][time]", "yyyy-MM-dd HH:mm:ss" ]
            target => "@timestamp"
    }

But unsure what else to add. I understand that winlogbeat might have the built-in yyyy.MM.dd format, but SSLVPN/Logstash may need to be filtered/created on its own.

FALEN · March 22, 2022, 8:15am

Shouldnt your second "if" needs to be "else if" ?

roman-tasi · March 22, 2022, 8:17am

Not 100% sure but my winlogbeat seems to be working as intended just with the "if".

system · April 19, 2022, 8:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Winlogbeat via Logstash into Elasticsearch Logstash	18	7751	July 22, 2017
No Index for winlogbeat-* Beats winlogbeat	2	1959	February 24, 2017
How to create an index for Windows Log Event? Logstash	5	1857	July 6, 2017
Index name from log date not from system time Logstash	5	3369	September 14, 2017
Indexes creation by date issue Logstash	10	9953	November 7, 2017

Help: Only winlogbeat index with date being created

Related topics