Hi,
My problem is that the conditions in my logstash conf file in the output section, seems to not work.
here is my output section:
output {
if "topbeat" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
manage_template => false
index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
document_type => "%{[@metadata][type]}"
}
}
}
else if "nginx" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
index => "logstash-isg-%{+YYYY.MM.dd}"
}
}
}
else if "scarlette" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
manage_template => false
index => "logstash-scarlette-%{+YYYY.MM.dd}"
}
}
}
else if "serveur_owncloud" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
index => "logstash-owncloud-%{+YYYY.MM.dd}"
}
}
}
else if "brouette" in [tags] or "poussette" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
manage_template => false
index => "logstash-mta-%{+YYYY.MM.dd}"
}
}
}
else if "serveur_proxy" in [tags] or "serveur_dns" in [tags] {
if "_grokparsefailure" not in [tags] {
elasticsearch {
hosts => ["10.1.101.1", "10.1.102.1", "10.1.103.1"]
}
# file {
# path => "/var/log/LS-redis-flux.log"
# }
}
}
}
To give you an example, i have some "serveur_proxy" data that goes into the tobeat indexe.
I don't find the solution...
Anyone can help me please