How can i create 2 indexs for to 2 filebeat inputs?

med_amine · July 30, 2018, 12:40pm

dhnjgdjghghjgh

A_B · July 30, 2018, 1:37pm

Hi med,

Your config would be much easier to read if you would use Preformatted text ( the </> symbol in the toolbar)...

I do what you are looking to do like this.

cat /etc/filebeat/conf.d/syslogs.yml
...
- type: log
  paths:
    - /var/log/auth.log
    - /var/log/faillog
    - /var/log/messages
    - /var/log/syslog
  encoding: plain
  fields:
    log_prefix: dc
    log_idx: syslog-beat
  fields_under_root: false
...

So I add a few extra fields per type of log

In my Logstash _filter section I have

filter {
...
    #############
    # Adding @metadata needed for index sharding to Filebeat logs
    mutate {
      copy => {
       "[fields][log_prefix]" => "[@metadata][log_prefix]"
       "[fields][log_idx]" => "[@metadata][index]"
      }
    }
  }
  #############
...

The above is because on some Logstash inputs I already set [@metadata][log_prefix] and [@metadata][index]

Finally on my Logstash output I use

output {

  elasticsearch {
...
        index => "%{[@metadata][log_prefix]}-%{[@metadata][index]}-%{+YYYY.MM.dd}"
  }
}

Adjust to taste

Hope that helps.

-AB

system · August 27, 2018, 1:45pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple index in elasticsearch from filebeat Beats filebeat	4	3207	August 4, 2017
How to create multi indices with multi logs from filebeat? Beats filebeat	3	937	June 28, 2018
Create Multiple Indexes from filebeat Logstash	3	1532	September 30, 2021
How to create multiple index from file beat log input in log-stash config Beats filebeat	9	2988	May 6, 2019
Not able to create indexes using multiple logs files in filebeat tags Beats filebeat	4	617	May 17, 2021

How can i create 2 indexs for to 2 filebeat inputs?

Related topics