How to write a configuration with two inputs for Logstash with Beats


(Hoa Nguyễn) #1

Hi all, I have a model of two machines: one Ubuntu server with the ELK server installed and one Windows Server 2012. I want to collect the Windows firewall log and the Ubuntu system log. When configuring the Logstash pipeline to collect logs from the two agents using Filebeat, I configured the following:

[Image: screenshot of the configuration]


With the configuration above I have not collected logs from the agents. Please show me where it is wrong. :(( Thank you very much.


(Magnus Bäck) #2

There's a } missing from 30-output.conf, otherwise things look okay.

> With the configuration above I have not collected logs from the agents.

What, exactly, does this mean? Are you getting any events at all? If yes, what's wrong with them? If no, are there any clues in the logs of either Logstash or whatever is sending to Logstash?


(Hoa Nguyễn) #3

Hi magnusbaeck,
Thanks for answering.
I have added the missing } but it seems that with 2 filters logstash error is not obtained. I use filebeat to log from client to server.
Can you tell me how Logstash will work when two filters are no longer. I do not really understand when logstash has two or more filters how it will work.
I hope to receive an early response from you.
Thank you so much :slight_smile:


(Magnus Bäck) #4

> I do not really understand when logstash has two or more filters how it will work.

It's hard to understand what you're asking. If you have more than one filter Logstash will send events through each filter, in order. If you put your filter in multiple configuration files, the filters in the files will be processed in alphabetical order (so filters in 10-filter-x.conf will be processed before 20-filter-y.conf).
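
The ordering described in the reply above, as an added example that is not taken from the thread (the original configuration was posted as a screenshot). All files in the configuration directory are merged into one pipeline in file-name order, so every filter sees every event unless it is guarded by a conditional. The file names other than 30-output.conf, the custom Filebeat field `fields.log_source` with its two values, and the Elasticsearch host are assumptions.

```logstash
# --- 02-beats-input.conf (hypothetical file name) ---
# One beats input is enough: both Filebeat agents ship to the same port.
input {
  beats {
    port => 5044
  }
}

# --- 10-filter-ubuntu.conf (hypothetical file name) ---
# Runs first. The conditional keeps it away from the Windows events;
# without it this grok would be applied to every event in the pipeline.
# Assumes filebeat.yml on the Ubuntu host sets: fields: {log_source: ubuntu-syslog}
filter {
  if [fields][log_source] == "ubuntu-syslog" {
    grok {
      match => { "message" => "%{SYSLOGTIMESTAMP:syslog_timestamp} %{SYSLOGHOST:syslog_hostname} %{GREEDYDATA:syslog_message}" }
    }
    mutate { add_tag => ["ubuntu"] }
  }
}

# --- 20-filter-winfw.conf (hypothetical file name) ---
# Runs second, on the same event stream.
# Assumes filebeat.yml on the Windows host sets: fields: {log_source: windows-firewall}
filter {
  if [fields][log_source] == "windows-firewall" {
    mutate { add_tag => ["winfw"] }
  }
}

# --- 30-output.conf ---
# Every block must be closed; a missing } here stops the whole
# pipeline from loading, not just this file.
output {
  elasticsearch {
    hosts => ["localhost:9200"]   # assumed local Elasticsearch
  }
  # Temporary: print each event so you can confirm that events arrive
  # and which tags the filters added.
  stdout { codec => rubydebug }
}
```

Because the order is by file name, numeric prefixes sort as text: a file named 100-filter.conf is read before 20-filter.conf.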

