Logstash Config Issues

Jackal9301 · January 22, 2016, 2:00pm

I used to have a single input to logstash which I then parsed through conditional statements. I am now adding another input that won't apply to any of the prior work.

Can I just add tags to the input and add another large if else conditional around all of my prior parsing so it skips it?
I want to put this into elasticsearch in a separate index with a separate template. Do I still send both outputs to IP:9200?
I'm also using shield does that effect any of this?

Any input would be helpful. I pay for support however, my support guy is busy until monday and i'd really like to work on this today.

Thanks,
Jack West

magnusbaeck · January 23, 2016, 4:51pm

Can I just add tags to the input and add another large if else conditional around all of my prior parsing so it skips it?

Yes.

I want to put this into elasticsearch in a separate index with a separate template. Do I still send both outputs to IP:9200?

The host:port specification selects which ES cluster you're sending events to. Use the index option to select which index (or index series) to send the events to.

I'm also using shield does that effect any of this?

Nope.

Topic		Replies	Views
How to push same document into multiple indexes? Logstash	7	3286	September 19, 2018
Multiple pipelines or tags or if or else if? Logstash	3	2880	April 24, 2019
Conditional in the output is ignored Logstash	6	439	February 15, 2022
Tags in input Logstash	6	15456	April 5, 2018
How to improve Logstash configuration for outputs Logstash	2	208	April 29, 2022

Logstash Config Issues

Related topics