Logstash - setting ElasticSearch index based on different input type

Bikash_Behuria · December 23, 2017, 1:02pm

Hi ,

I have two input plugins in Logstash i.e. filebeat , and kafka topics for two different type and sources of logs.

Now i want to filter , process the logs and send to different Elasticsearch indexes . Now since I am very new to this area , not been able to find solution. My conf looks like below , can someone suggest me

Thanks-Bikash

input {
beats {
port => 5044
type => "iislogs"
}

kafka {
bootstrap_servers => "localhost:9092"
topics => "ApplicationError"
type => "applicationerror"
}
}

Filter {

if[type] == "iislogs" {
grok {
match =>["message", "%{TIMESTAMP_ISO8601:log_timestamp} %{WORD:serviceName} ]
}

if[type] == "applicationerror" {
grok {
#...for application error parsing
}

}

Here in output i want to send this to different indexes based on input type

output {
elasticsearch {
hosts => ["localhost:9200"]
index => %{type}
}
stdout { codec => rubydebug }
}

arisbanach · December 27, 2017, 2:08pm

I think you just need quotation marks around the type variable in your output, but I could be wrong. What error do you get?

system · January 24, 2018, 2:08pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kafka input - Type missing Logstash	4	392	September 3, 2019
Conditional Filebeat output based on document type Beats filebeat	2	2581	February 26, 2018
Logstash Kafka Input Plugin Data has Type Already Logstash	6	1033	July 6, 2017
Logstash filter plugin elasticsearch problem Logstash	1	446	January 8, 2018
Logstash always output input event type as log Logstash	4	1483	July 6, 2017

Logstash - setting ElasticSearch index based on different input type

Here in output i want to send this to different indexes based on input type

Related topics