How to write the condition for logstash conf with multiple Indice

Hello everyone,

I would like creating 2 separate indices to receive logs from 2 linux servers through nput beat port 5044 . My logstash config file is :

input {
beats{
port => 5044
}
}

output {
if [beat.name] == "tsttlnoss0001"{
elasticsearch {
hosts => [ "localhost:9200" ]
index => "filebeats"
}
}
else if [beat.name] == "stgtlnoss0008"{
elasticsearch {
hosts => [ "localhost:9200" ]
index => "node08"
}
}
}

If I do not use the condition, I can get the log from 2 servers but the same indices , it's hard for me to monitoring the log. So could you please help to create the logstash file corresponding the request above (2 indices for 2 linux servers )

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.