Hey, filebeat.inputs reads two log files. I am sending it to Elasticsearch. How can I show them in two different index names in Kibana?

Hello,
My filebeat.inputs reads two log files.
I am sending it to Elasticsearch.
How can I show them in two different index names in Kibana?

You can send to different indices based on any of the fields present in the document, so you could do something like the below:

output.elasticsearch:
  index: "default-%{+yyyy.MM.dd}"
  indices:
    - index: "application-one-%{+yyyy.MM.dd}"
      when.equals:
        application: "one"
    - index: "application-two-%{+yyyy.MM.dd}"
      when.equals:
        application: "two"

Would this work for you?

You can also cut out the middle man on the above and do something like:

output.elasticsearch:
  index: "%{[my-application-field]}-%{+yyyy.MM.dd}" 

Is my-application-field in the input section?

filebeat.inputs:
- type: log
  fields:
    my-application-field: "one"

Like this?

If there isn't already a field in the log messages that you can use to differentiate between the two logs then you can do that, yeah.
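A complete `filebeat.yml` combining the two halves of the thread (tag each input with a field, then route on it), given as an added example that is not from any poster. The log paths, the host URL, the `application-other` fallback name and the template name are assumptions; `fields_under_root` is set so the field is stored as top-level `application` and matches the `when.equals` conditions shown above instead of landing under `fields.application`.

```yaml
# Added example: paths, host and template name are assumptions, not from the thread.
filebeat.inputs:
  - type: log
    paths:
      - /var/log/app-one/*.log        # hypothetical path for the first log file
    fields:
      application: "one"
    # Without this the field is stored as fields.application and the
    # when.equals conditions below would never match.
    fields_under_root: true
  - type: log
    paths:
      - /var/log/app-two/*.log        # hypothetical path for the second log file
    fields:
      application: "two"
    fields_under_root: true

# On Filebeat 7.0 and later, ILM is enabled by default and a custom index
# name in the output is ignored unless ILM is turned off.
setup.ilm.enabled: false
# Changing the index name requires naming the template and its pattern.
setup.template.name: "application"
setup.template.pattern: "application-*"

output.elasticsearch:
  hosts: ["https://localhost:9200"]   # assumption: local single-node cluster
  # Fallback for events that match none of the rules below; named so the
  # template pattern above still applies to it.
  index: "application-other-%{+yyyy.MM.dd}"
  indices:
    - index: "application-one-%{+yyyy.MM.dd}"
      when.equals:
        application: "one"
    - index: "application-two-%{+yyyy.MM.dd}"
      when.equals:
        application: "two"
```

In Kibana, create one index pattern per prefix (`application-one-*`, `application-two-*`) to view the two logs separately.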
