Hi,
At some of my servers I am trying to setup metricbeat alongside filebeat . I configured metricbeat on my kibanaserver and elasticsearchserver to go to elasticsearch directly. However these application servers are being led through logstash.
Metricbeat on that appsevers seems to send out metrics to logstash if I must believe the log. However apearantly in logstash I do something wrong.
input is pretty simple:
input {
beats {
port => 5044
}
}
After this a filterblock.
And then the outputblock
output {
### Send the events to ElasticSearch, which a different index based on the log file the events came from.
if "monitoring-log" in [tags] and "apigateway" in [tags] {
elasticsearch {
hosts => ["pdbs246.grn.prd.itv.local:9200"]
document_id => "%{[@metadata][fingerprint]}"
index => "agl-monitoring-%{+YYYY.MM.dd}"
sniffing => false
}
}
else if "api-log" in [tags] and "apigateway" in [tags] {
elasticsearch {
hosts => ["pdbs246.grn.prd.itv.local:9200"]
document_id => "%{[@metadata][fingerprint]}"
index => "agl-api-%{+YYYY.MM.dd}"
sniffing => false
}
}
else if "metricbeat" in [tags] {
elasticsearch {
hosts => ["pdbs246.grn.prd.itv.local:9200"]
index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
}
}
}
Appearantly this last piece is wrong. How do I correctly determine metricbeat lines to send to the ES index?