Logstash/ElasticSearch mixing data across indexes

enigy · April 28, 2018, 10:41pm

Hello everyone!
I'm a fairly new user to ELK. I've been attempting to setup a single node server to receive two syslog streams in my home lab. I've run into a situation I cannot find a resolution to. Simply put, when I put both of my logstash conf files into logstash, the data streams appear to become mixed in with each other, even though the two are using totally different indexes. They are using different ports as well. So I'm really perplexed why data for the second logstash conf starts appearing in the first logstash conf index. Any pointers?

First logstash conf:
https://pastebin.com/WS2yqL1X

Second logstash conf:
https://pastebin.com/LVbac7YC

magnusbaeck · April 29, 2018, 7:21am

Configuration files aren't independent; they're merged and all events from all inputs will reach all filters and outputs unless you use conditionals. You might want to use the multi-pipeline feature in Logstash 6.

This is an extremely common misconception and you should be able to find dozens of old threads discussing this in further detail.

enigy · April 29, 2018, 11:39am

Ah, ok. I did have that misconception. thank you!

system · May 27, 2018, 11:39am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logs duplicated in all indices Elasticsearch	2	981	May 8, 2018
Logstash multiple pipelines going into same index Logstash	3	2334	May 13, 2018
Multiple Logstash Configuration Files Logstash	4	5545	June 29, 2020
Logstash different .conf inputs are mixing up entries in indexes Logstash	4	973	April 24, 2019
Multiple logstash configs with different filters running at the same time Logstash	7	533	July 24, 2020

Logstash/ElasticSearch mixing data across indexes

Related Topics