Logstash.yml configuration

I am having 2 issues with logstash:

  1. i have installed winlogbeat on my windows servers. I see that redis is getting all the logs and while looking into logstash-plain.log, i saw errors of type invalid index name. Index cannot contain chsraxters .....

I want to have like syslog-(machinename)-win on kibana. Can you please guide?

  1. if for example i will be adding syslog of linux servers, apache logs,etc. How can i configure logstash to parse the logs and have index like

Syslog-(machinename)-(logtype) on kibana?


If I recall correctly there are some characters that are not allowed and I also think index names need to be all lower case.

It should to me like this will result in a lot of very small indices and shards which is very inefficient and is very likely to lead to performance problems. Why can these not live in a single time-based index?

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.