If/Else condition for Output to Elasticsearch

Hi team,

I would like to ask for your help with having an if/else condition on Filebeat’s output to Elasticsearch. I would like to check whether fields.age == 10 and, if so, send the output to one array of hosts, otherwise to another array of hosts.

If fields.age == 10:
  output.elasticsearch:
    hosts: ["http://es01:9200"]

Else:
  output.elasticsearch:
    hosts: ["es01:9200", "es02:9200"]

As you can see, what I want to do is to check if a variable from an XPATH equals a value.

Thank you for your answer!

Hi @valhalla!

I'm afraid you cannot set conditions at the host level. What you can do is use conditions at the index level (Configure the Elasticsearch output | Filebeat Reference [7.13] | Elastic).

C.
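The index-level condition mentioned in the reply above, sketched as a Filebeat configuration. This is an added example, not part of the original replies; the index names are constructed, the host list is taken from the question, and it assumes fields.age reaches the output as the number 10 and that ILM is turned off so custom index names apply.

```yaml
# Custom index names: disable ILM and tell Filebeat which template
# name/pattern covers the indices written below (assumed setup).
setup.ilm.enabled: false
setup.template.name: "filebeat"
setup.template.pattern: "filebeat-*"

output.elasticsearch:
  # One host list for all events; hosts cannot be chosen per event.
  hosts: ["http://es01:9200", "http://es02:9200"]

  # Default index, used when no rule under `indices` matches.
  index: "filebeat-%{[agent.version]}-%{+yyyy.MM.dd}"

  # Rules are evaluated in order; the first matching rule wins.
  indices:
    - index: "filebeat-age10-%{[agent.version]}-%{+yyyy.MM.dd}"
      when.equals:
        fields.age: 10
```

If fields.age is shipped as a string, the condition value has to be quoted ("10") to match.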

Thank you Chris!

Can conditions be set on Logstash’s output? Can the same be done in Logstash, but with if/else conditions?

Thank you in advance!

Filebeat does not support sending to multiple outputs; you can find more info about this at Support multiple outputs of the same type (like two independent Logstash clusters) · Issue #1035 · elastic/beats · GitHub.

You can define conditional-like ES indexes in Logstash, which is described at Elasticsearch output plugin | Logstash Reference [7.13] | Elastic.

In general, it seems that the only way to achieve sending to multiple hosts is to use 2 different Filebeat instances.
