I have configured Elasticsearch, kibana and logstash on same server. I want to send logs from multiple filebeat clients to logstash with different index name. How can I configure it?
I have one centralized server in which we have configured Elasticsearch, Kibana and Logstash. And we have multiple clients in which filebeat is configured. I want to send logs from filebeat client to logstash. How can set different index name for all clients, so that we can get to know each client's logs seperately. Please guide me. I am beginner in ELK.
Hi,
The easiest way to do that, i think, is to add a tag in filebeat and create indexes, in logsatsh, with conditionals.
- add a tag to a filebeat configuration :
filebeat.inputs:
- type: log
paths:
- example.log
tags: ["filbeat1"]
- logstash configuration to create an index for each filebeat configuration :
filter {
if "filebeat1" in [tags] {
mutate { add_field => { "[@metadata][target_index]" => "filebeat1-%{+YYYY.MM.dd}" } }
} else if "filebeat2" in [tags] {
mutate { add_field => { "[@metadata][target_index]" => "filebeat2-%{+YYYY.MM.dd}" } }
} else {
mutate { add_field => { "[@metadata][target_index]" => "unknown-%{+YYYY.MM.dd}" } }
}
}
output {
elasticsearch {
index => "%{[@metadata][target_index]}"
}
}
Cad.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.