Hi everyone,
I have configured my output conf in Logstash to send selected data to different indexes, but one day it just stopped working. I don't think that I made any mistake in my code. Any suggestions?
Below is my conf:
output {
  if "_grokparsefailure" in [tags] {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "grokfail"
    }
  }
  if [host] == "indi01" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi01-%{+YYYY.MM}"
    }
  }
  if "indi02" in [host] {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi02-%{+YYYY.MM}"
    }
  }
  if [host] == "indi03" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi03-%{+YYYY.MM}"
    }
  }
  if [host] == "indi04" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi04-%{+YYYY.MM}"
    }
  }
  if [host] == "indi05" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi05-%{+YYYY.MM}"
    }
  }
  if [host] == "indi06" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi06-%{+YYYY.MM}"
    }
  }
  if [host] == "indi07" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi07-%{+YYYY.MM}"
    }
  }
  if [host] == "indi08" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "indi08-%{+YYYY.MM}"
    }
  }
  if [type] == "syslog" {
    elasticsearch {
      host => '10.64.50.30'
      protocol => "http"
      cluster => "momocluster"
      index => "graylog2_0"
    }
  }
  stdout { codec => rubydebug }
}
On Sense:
GET /indi08/ufdb/_search:
{
  "took": 1,
  "timed_out": false,
  "_shards": {
    "total": 3,
    "successful": 3,
    "failed": 0
  },
  "hits": {
    "total": 0,
    "max_score": null,
    "hits": []
  }
}
It was working correctly, then it stopped outputting to the indexes. In the logstash.stdout log, the filter is done correctly.