Logstash - multiple indices for one input file

krishna_chaitanya · November 23, 2016, 2:02am

I want to create multiple indices using Logstash configuration into ES. From my understanding, it is easy to use type in file-input if we have multiple inputs. Then, create one index per one type.

But, I do not have multiple input files here. I have only one input-file. I just want to parse results differently. That means, for one index, I want to apply lot of filters(date,split,ruby..); for the other index, I do not want any filters applied. Finally put these indices into same elasticsearch output cluster.

How to achieve this?
Below is config file which describes what I want to achieve.

input {
  file {
    codec => json
    path => "/path/to/json"
    start_position => "beginning"
  }
}

filter {
   #### **apply these filters only for index2**
}

output {
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "index1" 
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "index2" 
  }
  stdout { codec => rubydebug }
}

warkolm · November 23, 2016, 2:24am

Use https://www.elastic.co/guide/en/logstash/current/plugins-filters-clone.html and a bunch of conditionals

krishna_chaitanya · November 23, 2016, 1:31pm

Thanks for the idea. I think that is going to work. Let me try

system · December 21, 2016, 1:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Is it possible to create multiple index in single config file with different input locations? Logstash	3	862	July 6, 2017
Create multiple indexes with same logstash config file Logstash	2	9312	September 14, 2017
How to create multiple indexs with multiple input in logstash Logstash	8	2899	March 19, 2021
Multiple filebeat input in logstash but how to create different set of index for them Logstash	6	5454	March 6, 2019
Multiple output in logstash config, pls help! Logstash	7	4095	December 20, 2016

Logstash - multiple indices for one input file

Related topics