Logstash Config Issues


(Jack ELK West) #1

I used to have a single input to Logstash which I then parsed through conditional statements. I am now adding another input that won't apply to any of the prior work.

  1. Can I just add tags to the input and add another large if else conditional around all of my prior parsing so it skips it?

  2. I want to put this into Elasticsearch in a separate index with a separate template. Do I still send both outputs to IP:9200?

  3. I'm also using Shield; does that affect any of this?

Any input would be helpful. I pay for support; however, my support guy is busy until Monday and I'd really like to work on this today.

Thanks,
Jack West


(Magnus Bäck) #2
  1. Can I just add tags to the input and add another large if else conditional around all of my prior parsing so it skips it?

Yes.

  2. I want to put this into Elasticsearch in a separate index with a separate template. Do I still send both outputs to IP:9200?

The host:port specification selects which ES cluster you're sending events to. Use the index option to select which index (or index series) to send the events to.

  3. I'm also using Shield; does that affect any of this?

Nope.
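
The layout discussed in this thread, as an added example that is not part of either post: a tagged second input, a conditional that keeps the new events out of the existing parsing, and two outputs to the same cluster that differ in index and template. The input plugins, ports, tag name, index names, template path, and credentials are assumptions for illustration; `IP:9200` is the placeholder from the question.

```logstash
input {
  # Existing input (beats on 5044 is an assumed stand-in for the original input).
  beats { port => 5044 }

  # New input. The tag marks its events so filters and outputs can route them.
  tcp {
    port => 5000
    tags => ["newsource"]            # hypothetical tag name
  }
}

filter {
  if "newsource" in [tags] {
    # Parsing for the new input only (json is an assumed stand-in).
    json { source => "message" }
  } else {
    # All prior conditional parsing stays here, unchanged.
    # The grok below is only a stand-in for that existing logic.
    grok { match => { "message" => "%{COMBINEDAPACHELOG}" } }
  }
}

output {
  if "newsource" in [tags] {
    elasticsearch {
      hosts         => ["IP:9200"]   # same cluster; option is named "hosts" in Logstash 2.0+
      index         => "newsource-%{+YYYY.MM.dd}"                # hypothetical index series
      template      => "/etc/logstash/templates/newsource.json"  # hypothetical path
      template_name => "newsource"
      # Assumption: Shield is enabled and this user's role grants write
      # access to the newsource-* index pattern as well as logstash-*.
      user          => "logstash_writer"
      password      => "REPLACE_ME"
    }
  } else {
    elasticsearch {
      hosts    => ["IP:9200"]
      index    => "logstash-%{+YYYY.MM.dd}"
      user     => "logstash_writer"
      password => "REPLACE_ME"
    }
  }
}
```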

