Hello,
I have the following setup:
- system logs are sent to logstash using filebeat on port 5044,
- Apache logs being sent to logstash (same logstash instance as above) using filebeat on port 5047
I then pull these logs as follows:
/etc/logstash/conf.d/system.conf
input {
beats {
port => 5044
}
}
filter {}
output {
elasticsearch {
hosts => ["https://localhost:9200"]
cacert => "/etc/logstash/conf.d/es-ca.crt"
index => "system"
user => "filebeat"
password => "password"
}
}
/etc/logstash/conf.d/apache.conf
input {
beats {
port => 5047
}
}
filter {}
output {
elasticsearch {
hosts => ["https://localhost:9200"]
cacert => "/etc/logstash/conf.d/es-ca.crt"
index => "apache"
user => "filebeat"
password => "password"
}
}
The issue I have is that, as much as the logs are received, they are mixed. Logs that should be in port 5047 are found on 5044, and vice versa.
How can I ensure logs hitting port 5044 should not also hit 5047?