How to configure ELK (Elasticsearch, Logstash,Kibana) for different application log files and display each application separately in Kibana?

magnusbaeck · January 4, 2017, 1:11pm

is this my else condition which cause logstash-* index ?

It sounds like you effectively have this:

output {
  if [type] == "OnsuranceAppLog" {
    elasticsearch { 
      hosts => ["localhost:9200"] 
      index => "onsurance-%{+YYYY.MM.dd}"
    }
  } else {
    elasticsearch {
      hosts => ["localhost:9200"]
    }
    stdout { codec => rubydebug }
  }
  if [type] == "iis" {
    elasticsearch { 
      hosts => ["localhost:9200"] 
      index => "iis-%{+YYYY.MM.dd}"
    }
  } else {
    elasticsearch {
      hosts => ["localhost:9200"]
    }
    stdout { codec => rubydebug }
  }
}

In that case yes, the else block is the problem. All messages will reach it.

another question is, how can i tell ES to keep index of only last 30 days? and delete everything which is older than 30 days. I know you can fire a query to ES but is there any Setting which i can set once and it does the magic?

There's no setting but the Curator program can do this for you.

Topic		Replies	Views
Remote IIS logs into ELK Stack? Beats filebeat	5	5532	July 5, 2017
Logstash configuration : 6.3 Logstash	11	511	September 20, 2018
Different Log Types from different Beat Apps on different Servers into Kibana Logstash	2	576	November 22, 2017
Parse the logs with FileBeat-ElasticSearch and Display on Kibana Beats filebeat	8	3698	December 14, 2017
Elastic Stack Setup for Multiple Server Elasticsearch	10	2806	July 23, 2018

How to configure ELK (Elasticsearch, Logstash,Kibana) for different application log files and display each application separately in Kibana?

Related Topics