Hi Team,

I have created a pipeline and sending data from filebeat to logstash and to Elasticsearch. and I have created one custom field from filebeat to filter the data. Not sue why it is not sending data to "apa" index. kindly please assit here.

input {
beats {
port => 5044
}
}

filter
{

if [field] == "APAC"
{

kv {
source => "message"
field_split => "|"
value_split => "="
}
}
else
{
kv {
source => "message"
field_split => "|"
value_split => "="
}
}

}
output
{
if [field] == "APAC"
{

elasticsearch {
hosts => ["http://derusvluelaap01.eyua.net:9200", "http://derusvluelaap02.eyua.net:9200", "http://derusvluelaap03.eyua.net:9200"]
index => "apa"
}
}
else{
elasticsearch {
hosts => ["http://derusvluelaap01.eyua.net:9200", "http://derusvluelaap02.eyua.net:9200", "http://derusvluelaap03.eyua.net:9200"]
index => "amma"
}
}
}

filebeat custom field which have created.

Optional fields that you can specify to add additional information to the

output.

#fields:

env: staging

fields:
syslog: APAC

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.