"Index" output setting

ElevenB2003 · May 7, 2018, 8:51pm

Hello,

I have multiple configuration files for logstash and each has their own input, filter, and output. However, I'm experiencing something strange: all data is flowing into all indexes even though I'm using the "index" output setting and specifying the data should be sent to its respective index.

Is this expected or am I missing something?

Example:
Output code from file 1:

output {
elasticsearch {
hosts => "localhost:9200"
user => "elastic"
password => "mypassword"
index => "index1-%{+YYYY.MM.dd}"
}
}

Output code from file 2:

output {
elasticsearch {
hosts => "localhost:9200"
user => "elastic"
password => "mypassword"
index => "index2-%{+YYYY.MM.dd}"
}
}

All data is appearing in both indexes...

Thanks!

magnusbaeck · May 8, 2018, 6:04am

Logstash concatenates these files. All events from all inputs will go to all outputs unless you use conditionals. You can also consider the multi-pipeline feature in Logstash 6.

system · June 5, 2018, 6:04am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash is sending logs to all output index configured in all conf's in pipeline Logstash windows	2	359	June 30, 2020
Multiple configuration files are indexing to all outputs Logstash	2	1033	September 2, 2017
LOGSTASH Using different input index than the one specified Logstash	4	243	October 10, 2022
Does multiple indices in output work? Logstash	1	946	July 6, 2017
Logstash multiple pipelines going into same index Logstash	3	2336	May 13, 2018

"Index" output setting

Related topics