I'm using Logstash version 8.8.0.
I have two Logstash conf files under /etc/logstash/conf.d folder, one is called "syslog_cisco.conf", another one is called "test.conf" as below:
syslog_cisco.conf
input {
udp {
port => 6000
add_field => { "dst_port" => "6000" }
}
}
output {
if [dst_port] == "6000" {
elasticsearch {
hosts => ["***************", "***********", ]
user => "*******"
password => "**********"
index => "**********"
}
}
test.conf
input {
udp {
port => 6001
add_field => { "dst_port" => "6001" }
}
}
output {
if [dst_port] == "6001" {
elasticsearch {
hosts => ["***************", "***********", ]
user => "*******"
password => "**********"
index => "**********"
}
}
I want to run these two conf files together.
I did some research and found Introducing Multiple Pipelines in Logstash.
I followed the tutorial, created two different pipelines in /etc/logstash/pipelines.yml as below:
- pipeline.id: main
path.config: "/etc/logstash/conf.d/syslog_cisco.conf"
- pipeline.id: test
path.config: "/etc/logstash/conf.d/test.conf"
When I run the Logstash as a service use "systemctl start logstash", only the first pipeline (id: main) is running and sending the syslog to Elastic search, the second pipeline (id: test) is not working at all.
Did I miss anything here?