Hi,
I have a need to route different message types to different elasticsearch clusters. I realise I could do this by having different "elasticsearch" output blocks separated by "if" conditionals. However, that is wasteful and long winded...
What I'd like to do is set a variable containing the list of hosts for the cluster corresponding to that message type. Is this possible? If so, how would you recommend I do this?
In addition to what other folks have suggested, you can use the translate filter to look up a message type in a table and obtain a hostname. That way you don't have to reload the Logstash configuration when you want to update the mapping table.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.