Logstash from multiple beats server

hasan.idriss · January 19, 2023, 9:34am

hello every one,
i am using logstash to receive data from multiple server using winlogbeats over the port 5044
I want to create an index for each server based on the server name
can some one provide me with the logstash filter and output template to use

hasan.idriss · January 19, 2023, 12:08pm

I found the solution, to whom interested here is my config

filter {
   mutate {
               remove_field => ["[event][original]"]
       }
    if [host][hostname] == "the host name in the log " {
        mutate { add_field => { "[@metadata][indexPrefix]" => "hostname" } }
    }
      }
output{
    stdout { }
    if [@metadata][indexPrefix] {
      elasticsearch {
  .................     
      index =>  "%{[@metadata][indexPrefix]}-%{+YYYY.MM.dd}"
   .............
                      }
        }
      }

system · February 16, 2023, 12:09pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logstash configuration: for journalbeat from multiple servers Logstash beats-module	5	453	August 13, 2019
Multiple Indexes in logstash from multiple filebeats -hostname Logstash	2	1675	July 10, 2017
How to configure ELK to receive logs from multiple servers Logstash	4	1681	February 24, 2021
How to forward index from filebeat to elasticsearch via logstash using http output Logstash	4	317	April 26, 2023
What is the easiest way to create indexes for different nginx logs in logstash Logstash	5	131	June 27, 2024

Logstash from multiple beats server

Related Topics