I defined ducument_type=apachelogs in filebeat.prospectors, but having problem in if[type] == "apachelogs"

Below is filebeat.yml
filebeat:
prospectors:
-
paths:
- /home/st/Desktop/apache.log
input_type: log
document_type: apache_logs
-
paths:
- /home/st/Desktop/server.log
input_type: log
document_type: server_logs
output:
logstash:
hosts: ["localhost:5044"]
bulk_max_size: 1024

conf.d

if[type] == "apache_logs"{
..
..
..
}
else if[type] == "server_logs"{
..
..
..
}

logstash-plain.log
[2018-06-11T12:41:20,229][INFO ][logstash.outputs.elasticsearch] ES Output version determined {:es_version=>6}
[2018-06-11T12:41:20,230][WARN ][logstash.outputs.elasticsearch] Detected a 6.x and above cluster: the type event field won't be used to determine the document _type {:es_version=>6}
[2018-06-11T12:41:20,321][INFO ][logstash.outputs.elasticsearch] New Elasticsearch output {:class=>"LogStash::Outputs::ElasticSearch", :hosts=>["//localhost:9200"]}

So what does an example event actually look like? Use a stdout { codec => rubydebug } output.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.