Logstash different index names per input?

Elastic Stack Logstash
1

I have this logstash config but beats documents get created with index "log-2016.10.12" that is the document_tpye instead of filebeat-xxx. Any idea on how i can set the index name to filebeat and snmptrap index to snmptrap?

input {
        beats {
                type => "filebeat"
                port => 5044
        }

        snmptrap {
                type => "snmptrap"
                community => "public"
                port => 8162
        }
}

### Add your filters / logstash plugins configuration here

filter {
  if "_grokparsefailure" in [tags] {
        drop {}
  }
}

output {
        elasticsearch {
                hosts => "elasticsearch:9200"
                user => "elastic"
                index => "%{type}-%{+YYYY.MM.dd}"
        }
}
2

index => "%{[@metadata][type]}-%{+YYYY.MM.dd}"

I had the same idea a few hours ago :slight_smile:

3

but for smtptraps input metadata type is not set, isnt it? I want to set different index for smtptraps filebeat and metricbeat.

4

I only use filebeat, try:
index => "%{[type]}-%{+YYYY.MM.dd}"

5

No, it doesnt work, still create log-2016.10.13 index. Any one else?

6

Try to set the document_typ in filebeat to "filebeat", default is log
https://www.elastic.co/guide/en/beats/filebeat/current/configuration-filebeat-options.html

7

is there a way to set document_type globalyl in filebeat? I have like 40 prospectors and dont want to include it on each of them.