Dear team,
can you advise on how to improve my configuration for outputs from Logstash?
In our environment, the only output is Elasticsearch, and we have around 30 sources which are sent to Elasticsearch from logstash based on tags to different indices, like below:
output {
if "_grokparsefailure" in [tags] {
stdout { codec => rubydebug }
file {
path => "/path/to/file/parse-errors.log"
}
}
else if "some-logs" in [tags] {
elasticsearch {
id => "some-logs"
index => "some-logs"
action => create
hosts => ["https://linktoelastic:9200"]
ssl => true
ssl_certificate_verification => true
cacert => '/pathtocert/certs/ca.crt'
user => logstash_internal
password => "${LS_PWD}"
}
}
As above, we have around 30 more of "else if".
Is there a way to simplify it and possibly increase performance?