Hello
I have some questions about my future configuration of logstash.
At this time, I have
One input :
input { beats { port => 5044 } }
one grok filter to parse a log of a ftp software
and one output :
output {
elasticsearch {
hosts => "fqdn:9200"
manage_template => false
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
stdout {
codec => rubydebug
}}
I have a second filter to add (from another software but same port because it's a beat), so my question is :
can I put this second filter in the same file ?
how I can send in another indice (I don't want to share all my messages in the same indice) ?
or the best practice is to put my second filter in another file (with one block input, one block filter, one block output ?) and do the same for the other filters ?
thank you for your reply ?