Multi filebeat send log to 1 logstash

(Trương Trang) #1

i want to use file beat in 2 server difference to send log from 2 file in each server to 1 server have logstash running on. How i configure in logstash configure file to determine exactly for each file beat then can to handle by grok for each file log?

(João Duarte) #2

the events (log lines) sent by filebeat will contain metadata like host and filename.
you can use that metadata to create conditionals on logstash to run different grok patterns.

filter {
  if [host] == "host1.local.lan" {
    grok { .. }
  } else {
    grok { .. }

(Trương Trang) #3

thanks you guys,
i have another question, can i have 2 file log send by 1 filebeat ? and how to grok can determine it ?

(João Duarte) #4

it's the same principle, you can configure filebeat to read two files documentation here
and then use the path field of the log line events you receive in logstash to apply conditionals to determine with filters/outputs to use.

(system) #5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.