Log viewing through Filebeat

Akhil2 · March 18, 2021, 7:33pm

Hello there,

I am trying to explore the possibility of log viewing through Kibana dashboard.

I understand the process of setting up logs location in filebeat.yml file and then create index in kibana and then view logs from discover section.

what if I have more than one location from where l need to pick logs and then create multiple indexes to view them. how i am supposed to do that? How am I supposed to create more than one index? Because with the process I described above kibana automatically shows me the index I need to create.

please let me know!

Thanks,
Akhil

shaunak · March 18, 2021, 7:52pm

Filebeat lets you create multiple inputs, even of the same type (most probably log in your case). See the second example in Log input | Filebeat Reference [7.11] | Elastic.

By having multiple inputs, each input can specify different settings. One of these settings is the Elasticsearch index you want data from that input to be indexed into: Log input | Filebeat Reference [7.11] | Elastic.

Hope that helps,

Shaunak

Akhil2 · March 18, 2021, 8:38pm

Thank you Shaunak!! Appreciate your help. Will look into it

Akhil2 · March 23, 2021, 2:02am

Hello Shaunak,

I have set up the following configuration in filebeat config file but it is not picking up the second input. not sure why

filebeat.inputs:

type: log
enabled: true
paths:
- C:\ELK7.9.2\Logs*.log
type: log
enabled: true
paths:
- C:\ELK7.9.2\LogsA*.log

Can you please tell me if i am making any mistake here?

Thanks,
Akhil

system · April 20, 2021, 4:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.