Here is my filebeats config
processors:

• add_tags:
  tags: [web, dev]
  target: "environment"

#=========================== Filebeat inputs =============================

filebeat.inputs:

• type: log

  enabled: true

  paths:

  • /root/logstash-tutorial.log

filebeat.config.modules:

Glob pattern for configuration loading

path: ${path.config}/modules.d/*.yml

reload.enabled: false

output.logstash:
hosts: ["localhost:5044"]

Here is my logstash config

input {
beats {
port => "5044"
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}"}
}
geoip {
source => "clientip"
}
}
output{

if "dev" in [tags] {
amazon_es {
hosts => ["https://mydevcluster"]
region => "us-east-1"
}
}

if "mit" in [tags] {
amazon_es {
hosts => ["https://mymitcluster"]
region => "us-east-1"
}
}
}

I'm not seeing any data go into ES with this configuration. I've tested with

stdout { codec => rubydebug }, and I can see the tags going in and coming out.

I've tested going to individual clusters. They work independently.

I just get no data into the clusters when it's like this.

Thanks

As I read it, in your filebeat configuration your are adding a field called environment. However, in your logstash configuration you are testing a field called tags.

add_tag is used to add an array of values to a named field.

I changed it to simply this:

processors:

• add_tags:
  tags: [dev]

Seems to work.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.