Logstash from multiple beats server

hasan.idriss · January 19, 2023, 9:34am

hello every one,
i am using logstash to receive data from multiple server using winlogbeats over the port 5044
I want to create an index for each server based on the server name
can some one provide me with the logstash filter and output template to use

hasan.idriss · January 19, 2023, 12:08pm

I found the solution, to whom interested here is my config

filter {
   mutate {
               remove_field => ["[event][original]"]
       }
    if [host][hostname] == "the host name in the log " {
        mutate { add_field => { "[@metadata][indexPrefix]" => "hostname" } }
    }
      }
output{
    stdout { }
    if [@metadata][indexPrefix] {
      elasticsearch {
  .................     
      index =>  "%{[@metadata][indexPrefix]}-%{+YYYY.MM.dd}"
   .............
                      }
        }
      }

system · February 16, 2023, 12:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash configuration: for journalbeat from multiple servers Logstash beats-module	5	453	August 13, 2019
2 indices Logstash	7	279	August 28, 2018
Logstash is not connecting on muliple port for different beats Logstash	12	615	September 28, 2018
Multiple Indexes in logstash from multiple filebeats -hostname Logstash	2	1675	July 10, 2017
Multiple index in elasticsearch from filebeat Beats filebeat	4	3207	August 4, 2017

Logstash from multiple beats server

Related topics