In my filebeat enable system module and application logs

prakash22 · December 8, 2020, 11:58am

I am sending these logs to logstash. But here both application, system logs are going to one index. But I want send to two indexes.
This is logstash pipeline.

input {
beats {
port => 5044
ssl => false
}
}

output {
elasticsearch {
hosts => "http://localhost:9200"
user => elastic
password => wU8WRmKo1pPI0CqS193d
index => "odooserverlog"
}
}

Please help me on this...

warkolm · December 9, 2020, 3:16am

You will need to use a conditional in the output and split them based on the source Beat.

Are you using ILM here, or is this just a single index?
If it's a single index, that is not an ideal approach as you will have to delete old data from within the index, which is inefficient.

prakash22 · December 9, 2020, 7:01am

Yes I want to use condition in the output. Can you please suggest the logstash pipeline file.
My requirement is application logs sent to odooserverlog index
filebeat system module logs has sent to another index

system · January 6, 2021, 7:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Output logs to multiple index from logstash Logstash	7	5776	December 20, 2019
Using Filebeat with multiple indices and logstash Beats filebeat	4	2723	January 13, 2020
How to make output to two index using logstash Logstash	2	263	July 17, 2020
Logstash saving data into two indices (Duplicated Data) Logstash	2	255	December 14, 2020
Multiple index in elasticsearch from filebeat Beats filebeat	4	3207	August 4, 2017

In my filebeat enable system module and application logs

Related topics