Logstash Forwarder on 2 machines


(Tatushar3) #1

ogstash forwarder is installed on two machines and both are shipping logs to a single machine where logstash is installed.How do I distinguish between the logs of two machines


(Magnus Bäck) #2

Are you sure there isn't already a field (client or host IIRC) containing the hostname of the originating host?


(Tatushar3) #3

yes there are but when i use if[host]=="host name of machine where forwarder is installed" logstash does not parse the logs it is stuck. On cmd i get Logstash start up completed but no further processing of logs is there.

But the type field attached in forwarder.conf seems to work now.Don't know why it was not working yesterday

I have one more query.Once logstash parses the logs and if I restart it will not parse the same log again. Either I have to rename it or I have to modify my logs somehow.


(Magnus Bäck) #4

I have one more query.Once logstash parses the logs and if I restart it will not parse the same log again. Either I have to rename it or I have to modify my logs somehow.

Yes, this is by design. You wouldn't want all your logs to be parsed again just because you restarted Logstash, would you? Please read the file input documentation and the discussion forum archives about sincedb.


(system) #5