Hi,
I have filebeat configured to send some modules to logstash and on logstash I have a pipeline that handles syslog (file from the documentation)
I want to add some more custom logs on filebeat and I'm wondering what's the best approach to parse this. Since my pipeline config for syslog os on One file should I separate input, filter and output and create filter config for each thing I want?
Bruno
Hi,
I've read some options working on 6.x saying that this is solved using two filebeat instances, is this still the best option for 7.x?
Hi Bruno,
You could use the same instance of filebeat to send data to logstash. You can add multiple tags to the various inputs and then use conditionals to write specific filters. (Accessing event data and fields | Logstash Reference [8.11] | Elastic)
You could also use multiple beats or syslogs and implement multiple pipelines as described here.
Hi,
Thank you, gonna give it a try
Bruno
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.