Logs mixed - same path on different servers

Elastic Stack Beats
1

i have 2 services running on apache: mail + drive

the logs are getting mixed because they are on the same path (but on different servers).

- type: log
  tags: ['drive']
  fields_under_root: true
  fields:
    '@metadata.gzip': true
    '@metadata.saveto': 'drive.log'
  paths:
    - /var/log/apache2/access.log
    - /var/log/apache2/error.log

- type: log
  tags: ['mail']
  fields_under_root: true
  fields:
    '@metadata.gzip': true
    '@metadata.saveto': 'mail.log'
  paths:
    - /var/log/apache2/access.log
    - /var/log/apache2/error.log

is there a way to apply a conditional (when?) to paths: or fields:?

so i can set the filename based on hostname.

something like

...
processors:
  - add_fields.when:
      contains.host.name: drv-srv-
        fields:
          '@metadata.gzip': true
          '@metadata.saveto': 'drive.log'

...
processors:
  - add_fields.when:
      contains.host.name: mail-srv-
        fields:
          '@metadata.gzip': true
          '@metadata.saveto': 'mail.log'
2

so... is logstash my only option here?

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.