Mixed logs

Pedro_Cabral · October 16, 2018, 7:02am

Hello all,

I have the following configurations:

input {
  beats {
port => "8514"
type => "winlogbeat"
  }
}

output {
    elasticsearch {
            hosts => ["10.192.144.9:9200"]
            manage_template => false
            sniffing => true
            index => "ad-%{+YYYY.MM.dd}"
    }
}

and

input {
  beats {
    port => "8513"
    type => "winlogbeat"
   }
}
output {
        elasticsearch {
                hosts => ["10.192.144.9:9200"]
                manage_template => false
                sniffing => true
                index => "sysmon-%{+YYYY.MM.dd}"
        }
}

In kibana I have 2 different index pattern one ad-* and sysmon-* but when I see the logs I have sysmon logs with ad logs.

Can someone please tell me why this is happening and how I can fix it?
Thanks in advance for your help.

Best Regards,
Pedro Cabral

Christian_Dahlqvist · October 16, 2018, 7:15am

Logstash concatenates all configuration files in the directory, so unless you use conditionals to control the flow or define multiple pipelines, all data will go to all outputs. This has been discussed here a lot, so you should be able to search and find examples if needed.

Pedro_Cabral · October 16, 2018, 8:00am

Thank you for your reply!
Best Regards,
Pedro Cabral

system · November 13, 2018, 8:00am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kibana index shows same data Kibana	3	376	September 18, 2018
Logs duplicated in all indices Elasticsearch	2	1001	May 8, 2018
Separate configs, different indexes yet both logs go to both indexes Logstash	2	549	October 30, 2017
[Solved] Logstash sends logs to the same elasticsearch index even after I configured not to do so Logstash	3	621	May 24, 2018
Data mixed between indices Logstash	10	3096	July 6, 2017

Mixed logs

Related topics