i tried something like below, it is creating saparate indexes but i want to redirect only one machine logs to one index, but here in my case logs are clubbing
if [host.hostname] == "fth-qa"
{
elasticsearch
{
hosts => ["localhost:9200"]
user => "elastic"
password => "AixQa1VwfPaYe1ZzAyO8"
index => "fth-qa-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}
else
{
elasticsearch
{
hosts => ["localhost:9200"]
user => "elastic"
password => "AixQa1VwfPaYe1ZzAyO8"
index => "fth-elk-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}
}