Hi...all
input{
file{
type => "dummylog"
path => [/var/log/messages]
}
file{
type => "log"
path => [/var/log/kernel.logs]
}
}
output {
elasticsearch { host => localhost } stdout { } }
}
let /var/log/messages has 100 events and
jkuang
May 2, 2017, 6:06pm
2
In the output you can specify two if statements and point them to the same index oneEvent.
For example:
input {
file {
type => "technical"
path => "/home/technical/log"
}
file {
type => "business"
path => "/home/business/log"
}
}
output {
if [type] == "technical" {
# output to elasticsearch index oneEvent
}
if [type] == "business" {
# output to elasticsearch index oneEvent
}
Raja1
May 3, 2017, 2:48am
3
I used the same way but it didn't worked out. input is not accepting 2 file parameters.
jkuang
May 3, 2017, 4:27pm
4
This works for me. See my new example below:
input {
file {
sincedb_path => "/tmp/sincedb"
path => "/tmp/tech.log"
type => "technical" # a type to identify those logs (will need this later)
start_position => "beginning"
}
file {
sincedb_path => "/tmp/sincedb2"
type => "business"
path => "/tmp/bus.log"
start_position => "beginning"
}
}
output {
if [type] == "technical" {
# output to elasticsearch index oneEvent
elasticsearch {
index => "hitwo"
document_type =>"tech"
}
}
if [type] == "business" {
# output to elasticsearch index oneEvent
elasticsearch {
index => "hitwo"
document_type =>"bus"
}
}
}
system
May 31, 2017, 4:30pm
5
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.