input {
beats{
port => 5044
}
}
########################################################################
filter {
if [prospector.type] == "log" {
}
}
################################################################
output{
if [prospector.type] == "log" {
elasticsearch {
hosts => ["localhost:9200"]
index => "loglinux"
}
}
}
I am using this above filter, but it is not working.
My Filebeat version : 6.5
My Logstash version : 6.5.4
At least one thing you need to do is to separate the key levels with square brackets like this example from my Logstash config
if [fields][index_type] == "postfix-maillog" {
So if [prospector.type] == "log" {
should be if [prospector][type] == "log" {
Ok Thanks. It works.
May i know, how to define multiple prospector type in filebeat configuration.
My Filebeat config.
filebeat.inputs:
If i change the name of "type: log", it is throwing the error message. And unable to restart the filebeat service.
The documentation is quite good
prospector is deprecated. They are called input in later versions of Filebeat, just FYI.
What type are you trying to configure?
I am trying to configure like this in filebeat,
filebeat.inputs:
type: log_one
enabled: true
paths:
type: log_two
enabled: true
paths:
But it is not working.
Also need to know, how to configure "if-condition" for this in logstash.
Looks like type is not what you expect 
Did you read the documentation link I posted?
What you need to do is something like
filebeat.inputs:
- type: log
paths:
- /var/log/auth1.log
fields:
log_type: auth1
fields_under_root: true
- type: log
paths:
- /var/log/auth2.log
fields:
log_type: auth2
fields_under_root: true
This will create field log_type for all records with value auth1for the first input and value auth2for the second input.
Ok Thanks a lot.
It works....
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.