Logstash to read from multiple server filebeat

Sridhar · February 9, 2018, 1:05pm

Hi All,
below is the file beat I'm configuring in one server with port 5044

filebeat:

prospectors:
- paths:
- /path/to/logs/router-001-yyyymmdd.log
include: "Read from QMANGER:INPUT_IN"
fields: {log_type: input_interface}
-
paths:
- /path/to/logs/router-002-yyyymmdd.log
include: "Write on QMANGER:OUTPUT_OUT"
fields: {log_type: output_interface}

Logstash: config file

input {
beats {
port => 5044
}
}
filter {
if [fields][log_type] == "input_interface" {
mutate {
add_field => { "foo" => "var" }
}
}
if [fields][log_type] == "output_interface" {
mutate {
add_field => { "foo" => "var" }
}
}
}

the above will work for one server log files, if I want to get logs from another servers.. how should I configure logstash conf file.?

Please help..
Thanks,
Sridhar. B

magnusbaeck · February 9, 2018, 1:11pm

Unless you want to filter those log messages differently (or send them to different outputs) you don't have to do anything.

Sridhar · February 9, 2018, 1:17pm

Hi,

yes, in my case I should do the both..

I have to filter them and send them to another ES indies.

Please help..

magnusbaeck · February 9, 2018, 2:24pm

See for example https://stackoverflow.com/a/27147688/414355. The topic has also been discussed here many many times before.

system · March 9, 2018, 2:24pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.