How many indices we can create at a time using logstash.conf?

Learn_Mulesoft_With · May 4, 2021, 10:51am

consider my logstash.conf

input{
http{
host =>"localhost"
port =>"5044"
response_code =>201
type => "log_error"
}
http{
host =>"localhost"
port =>"5045"
response_code =>201
type => "log_message"
}
http{
host =>"localhost"
port =>"5046"
response_code =>201
type => "rsys_log"
}
}

filter{
if[type] =="rsys_log" {
grok{
match => {
"message" => "%{LOGLEVEL:log-level}\s*%{TIMESTAMP_ISO8601:logdate} [%{DATA:runtime}] [%{DATA:processor}; %{WORD:d}:%{DATA:correlationID}]%{DATA:class}:%{GREEDYDATA:message}"
}
}
}
}

output{
if[type] =="rsyslog" {
elasticsearch {
hosts => ["localhost:9200"]
index => "rsyslog20-%{+YYYY.MM.dd}"
}
}
if[type] =="log_error" {
elasticsearch {
hosts => ["localhost:9200"]
index => "log_error20-%{+YYYY.MM.dd}"
}
}
if[type] =="log_message" {
elasticsearch {
hosts => ["localhost:9200"]
index => "log_message20-%{+YYYY.MM.dd}"
}
}
}

but in this only one index is being created

any solution to create mutiple indices at once

dadoonet · May 4, 2021, 12:12pm

It's a logstash question so I moved it to Logstash.

Please format your code, logs or configuration files using </> icon as explained in this guide and not the citation button. It will make your post more readable.

Or use markdown style like:

```
CODE
```

This is the icon to use if you are not using markdown format:

There's a live preview panel for exactly this reasons.

Lots of people read these forums, and many of them will simply skip over a post that is difficult to read, because it's just too large an investment of their time to try and follow a wall of badly formatted text.
If your goal is to get an answer to your questions, it's in your interest to make it as easy to read and understand as possible.
Please update your post.

Side note:

if[type] =="rsyslog" {

Should be I believe

if[type] =="rsys_log" {

And now to answer your title question:

How many indices we can create at a time using logstash.conf?

I don't think there's a known limit.

Learn_Mulesoft_With · May 4, 2021, 1:46pm

Hi dadoonet,

when i am running logstash file and giving input to one of input port then only one indice is created. as you can see in my code above . in the output section i have configured 2 indices but in kibana i could see only 1 index.

aaron-nimocks · May 4, 2021, 1:50pm

Verified that data is flowing through all 3? Can easily just do an STDOUT for each source one at a time and watch the data if it's flowing or not.

Seems like 2 of them might not push data all the time.

system · June 1, 2021, 1:50pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.