Logstash forwarder settings

emilio · March 6, 2017, 10:42am

Dear all,

I have a lot of application logs on different hosts.

I am going transfer all my application logs into time based index.

So, i have couple of questions:

1.How and where i can mark transferring logs that they belong to some application?

For example, logs of "A application", "B application", etc.

2.Should me to insert logs in time based index in the same type giving some settings in logstash forwarder or not?

3.Where can i get all possible settings for logstash forwarder and logstash indexer?

Thank you in advance

magnusbaeck · March 6, 2017, 10:59am

How and where i can mark transferring logs that they belong to some application?

The type field is often used for this, but you can define other fields too.

Should me to insert logs in time based index in the same type giving some settings in logstash forwarder or not?

Sorry, I can't parse this sentence.

Where can i get all possible settings for logstash forwarder and logstash indexer?

Have you looked at the documentation at elastic.co?

emilio · March 6, 2017, 11:13am

Thanks a lot Magnus.

Should me config it in logstash forwarder or in logstash indexer?

I mean should me insert logs which belong to different applications to the same "table"-type or not by means some settings in logstash forwarder

magnusbaeck · March 6, 2017, 11:16am

Should me config it in logstash forwarder or in logstash indexer?

Do that as close to the source as possible, i.e. in the forwarder instance of Logstash that collects the data.

emilio · March 6, 2017, 11:34am

Thank you very much for quick response, Magnus.

Time based index also should be configured in logstash forwarders which are collects data?

magnusbaeck · March 6, 2017, 12:03pm

That's typically done in the indexer instance.

emilio · March 6, 2017, 12:42pm

Dear Magnus,

Could you please provide one examples of logstash-forwarder config and one example of logstash-indexer config for my case?

Imagine that i have two tomcats on the same host and two applications working on them (A and B).

The goal is place logs of applications to time based index in elasticsearch and having properties reffered to applications generated these logs.

It will be greatly appreciated and it will be solution of this topic for me.

Thank you in advance.

emilio · March 7, 2017, 10:22am

Magnus, could you please help me?

magnusbaeck · March 7, 2017, 10:27am

I'm afraid I don't have time to write up such detailed examples.

system · April 4, 2017, 10:28am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.