Logstash/ElasticSearch mixing data across indexes

Hello everyone!
I'm a fairly new user to ELK. I've been attempting to setup a single node server to receive two syslog streams in my home lab. I've run into a situation I cannot find a resolution to. Simply put, when I put both of my logstash conf files into logstash, the data streams appear to become mixed in with each other, even though the two are using totally different indexes. They are using different ports as well. So I'm really perplexed why data for the second logstash conf starts appearing in the first logstash conf index. Any pointers?

First logstash conf:
https://pastebin.com/WS2yqL1X

Second logstash conf:
https://pastebin.com/LVbac7YC

Configuration files aren't independent; they're merged and all events from all inputs will reach all filters and outputs unless you use conditionals. You might want to use the multi-pipeline feature in Logstash 6.

This is an extremely common misconception and you should be able to find dozens of old threads discussing this in further detail.

Ah, ok. I did have that misconception. thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.