Hi All,
How can I configure Logstash so that it sends all logs to the default logstash-xxxx index, while the filtered log (I want only specific fields) goes to the analytics index?
But I also want to have all raw logs in the logstash index. Kindly help me.
Thanks
Shamim Akhtar
input {
  # This will allow for health check from Marathon
  http {
    port => 31210
    type => "elb-healthcheck"
  }
  # Default port is 12201/udp
  gelf { port => 31212 }
}
filter {
  # some filter
}
output {
  # here I want filtered log
  elasticsearch {
    hosts => ["host:port"]
    index => "business-%{+YYYY.MM.dd}"
    document_type => "analytics"
  }
  # here I want all raw log
  elasticsearch {
    hosts => ["host:port"]
    index => "logstash-%{+YYYY.MM.dd}"
    document_type => "log"
  }
}
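One way to get both indices from the pipeline above, as an added example that is not part of the original post: clone each event, reduce only the copy to a whitelist of fields, and route on a marker so the untouched original still reaches the raw index. The field names in the whitelist and the `[@metadata][route]` marker are assumptions chosen for illustration, and the `clone` and `prune` filter plugins are assumed to be installed.

```logstash
filter {
  # Skip health-check pings so they are not duplicated into analytics.
  if [type] != "elb-healthcheck" {
    # clone emits a copy of the event; add_field is applied to the copy only,
    # so the original event carries no route marker.
    clone {
      clones    => ["analytics"]
      add_field => { "[@metadata][route]" => "analytics" }
    }
  }

  # Everything in this branch runs on the copy only; the raw event is untouched.
  if [@metadata][route] == "analytics" {
    # Keep only the listed top-level fields (hypothetical names, adjust to your data).
    # @metadata is not a regular field, so the marker survives the prune
    # and is never written to Elasticsearch.
    prune {
      whitelist_names => ["^@timestamp$", "^host$", "^short_message$", "^level$"]
    }
  }
}

output {
  if [@metadata][route] == "analytics" {
    # Reduced copy: only the whitelisted fields
    elasticsearch {
      hosts         => ["host:port"]
      index         => "business-%{+YYYY.MM.dd}"
      document_type => "analytics"
    }
  } else {
    # Original event with every field, kept as the raw record
    elasticsearch {
      hosts         => ["host:port"]
      index         => "logstash-%{+YYYY.MM.dd}"
      document_type => "log"
    }
  }
}
```

Any filter placed outside the `[@metadata][route]` conditional runs on both the original and the copy, so field removal or redaction meant only for the analytics index has to stay inside that branch to keep the raw index complete.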