we have 5 types apps which generates log in different format , and I want to store these 5 apps logs in 5 different indexes , but I want to use only single log-stash instance .
to differentiate the input at logstash level we can use beats port no example I will use
5001 for app1
5002 for app2
5003 for app3
but I want to apply filter based on message is coming from which app , i.e i have 5 different filters
if message comes form app1 or port 5001 I want to apply filter filter-1 , and output to index-1 in elastic search
if message comes from app2 or port 5002 I want to apply filter filter-2 , and output to index-2 in elastic search
how to apply different filters based on input and output to different index based on input?