How do I create an index per log file that I read?

magdieldominguez · October 16, 2017, 7:14pm

Hi I have 3 types of log files that I am reading from. My setup is as follows: Filebeat-Logstash-Elasticsearch-Kibana.

The 3 types of logs are logs such as: Processing logs, Spike logs, Error logs.

I would like to be able to have an index per each type of log that I am reading from instead of the index always being logstash-'date'...
So for example when logstash is processing spike logs put all those logs under the index name "Spike", when it is processing processing logs put those under the index name "Processing", etc.

Is it possible to look at the path of the log and if there is a string in the path such as "spk" tell logstash its a spike log and put it under the spike index?

Ive been looking all over the place and cannot seem to find an answer to this. Thank you

magnusbaeck · October 16, 2017, 7:46pm

output {
  if [path] =~ /spk/ {
    elasticsearch {
      ...
      index => "spike"
    }
  }
}

You could also have the conditionals in the filter section and set a field with the desired index name so that you can reference that field with a %{fieldname} reference in the index option.

system · November 13, 2017, 7:46pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
All files collected under on index only. Is it possible to have multiple indexes for multiple files? Logstash	76	2864	February 22, 2020
How to Create Different index for different Logpaths Logstash	4	278	May 8, 2020
Create Multiple Indexes from filebeat Logstash	3	1530	September 30, 2021
How to create multi indices with multi logs from filebeat? Beats filebeat	3	937	June 28, 2018
What is the easiest way to create indexes for different nginx logs in logstash Logstash	5	133	June 27, 2024

How do I create an index per log file that I read?

Related topics