Multiple ElasticSearch Indexes in Logstash Output

Sameer_Panicker · April 2, 2016, 5:10am

if[type] == "IISLogs"
{
elasticsearch
{
index => "iislogs"
hosts => ["myserver:9200"]
}
}
else
{
elasticsearch
{
index => "filebeat-2016.03.27"
hosts => ["myserver:9200"]
}
}

Since, filebeat indexes are created daily i.e. filebeat-YYYY-mm-dd format. How can I specify the latest index of filebeat in above output configuration. If I specify filebeat-2016.03.27, it works fine. But I want something generic.

How can I achieve that ?

magnusbaeck · April 2, 2016, 2:50pm

See the documentation of the elasticsearch output's index option and its default value. See also the sprintf format documentation.