I am very new to Elasticsearch and my concepts are not clear.
I have created two indexes, one for application and the other for syslogs, but I am unable to forward the logs to the two different indexes.
Where can I mention this? Should I mention it at the Elasticsearch level or at the Logstash/Fluentd level?
Hi,
Could you be more specific as to what your intention/use case is? Forward logs from where? And why to 2 different indices? Are you trying to set up the ELK stack?
Kind regards,
Maarten
Hi Maarten,
Yes, I am setting up EFK Stack. In Kibana I want to represent one index for application and one index for syslogs.
I am using fluentd for log forwarding.
syslogs --> /var/log/messages and /var/log/secure
application --> /var/log/application.log
I don't know fluentd, but I'd imagine you can tell it which index to send the two different sets of logs.
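
A Fluentd configuration for the routing discussed in this thread, added here as an example and not posted by any participant. It assumes the fluent-plugin-elasticsearch output plugin and Elasticsearch on localhost:9200; the tags, pos_file paths and index names are illustrative.

```conf
# Added example. Tags, pos_file paths, index names and the Elasticsearch
# host/port are assumptions, not values taken from the thread.

# System logs: /var/log/messages and /var/log/secure
<source>
  @type tail
  path /var/log/messages,/var/log/secure
  pos_file /var/log/td-agent/syslog.pos
  tag system.syslog
  <parse>
    @type syslog
  </parse>
</source>

# Application log, kept as one unparsed "message" field per line
<source>
  @type tail
  path /var/log/application.log
  pos_file /var/log/td-agent/application.pos
  tag app.log
  <parse>
    @type none
  </parse>
</source>

# Routing happens in Fluentd by tag: each <match> writes to its own index.
<match system.**>
  @type elasticsearch
  host localhost
  port 9200
  index_name syslogs
</match>

<match app.**>
  @type elasticsearch
  host localhost
  port 9200
  index_name application
</match>
```

The Fluentd process needs read access to /var/log/messages and /var/log/secure, which are typically restricted to root, so grant that access narrowly (for example through a group or ACL) instead of running the agent as root. In Kibana, create one index pattern per index to view the two sets of logs separately.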