Is an index automatically created for filebeat?

przemolb · November 21, 2017, 3:21pm

Hello,

I have just started filebeat (serverX) and logstash(serverY) with the following configuration

gist.github.com

https://gist.github.com/anonymous/053d6cf2f8f68e9ca53828d2cd3852af

filebeat.yml

filebeat.prospectors:
- input_type: log
  paths:
    - /var/log/*
  exclude_files: [".gz$"]
output.logstash:
  hosts: ["x.x.x.x:5043"]

logstash.conf

input {
        beats {
                port => "5043"
        }
}
output {
    elasticsearch {
        hosts => [ "y.y.y.y:9200" ]
        manage_template => false
        index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"

This file has been truncated. show original

Elasticsearch (serverZ) is running on another host.

how can I verify that the logs from serverX get transfered to serverZ ?
do I have to manually create an index on ES(serverZ) for all the logs from serverX ? Can it be done automatically ?

system · December 19, 2017, 3:21pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.