How send the log to different index in Kibana

I am new to Elastic stack and trying to see the different logs under different Kiban indexes. for an example, I am trying to place the logs from my dhcp server under a index called "DHCP". My logstash config is as below, but I am not seeing the new index created for DHCP and still all the logs are going under the default filebeat index.
''''''''''''''''''''''''''''''''''''
input {
beats {
port => 5044
}
}

output {
if [log.file.path] in [C:\Windows\system32\dhcp*]{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "DHCP-%{+YYYY.MM.dd}"
user => "CCCCCC"
password => "CCCCCC"
}
}else {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "CCCCCC"
password => "XXXXXXXXX"
}
}
}
''''''''''''''''''''''''''''''

In logstash you have to refer to that as [log][file][path]

so should I modify my config as below?

if [log] [file] [path] in [C:\Windows\system32\dhcp*]{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "DHCP-%{+YYYY.MM.dd}"
user => "CCCCCC"
password => "CCCCCC"

Changed the config file in logstash but still not seeing the new index in kibana.

my new config file:
input {
beats {
port => 5044
}
}

output {
if [log][file][path] in [C:\Windows\system32\dhcp*]{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "DHCP-%{+YYYY.MM.dd}"
user => "elastic"
password => "fgdgdfhfgh"
}
}else {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
user => "elastic"
password => "sdfsdfdfg"
}
}
}

That should be either

if [log][file][path] =~ /C:\\Windows\\system32\\dhcp/ {

or

if "C:\Windows\system32\dhcp" in [log][file][path] {

Thanks, Badger.

As you suggested, I have used "if "C:\Windows\system32\dhcp" in [log][file][path] {" and it worked.
Now I see the new index created in Kibana.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.