Multiple Indices in Output not working

Sameer_Panicker · April 10, 2016, 1:05am

Based on the [type], matched events should be stored under "iislogs" index, but it is getting stored into "logstash" index.

What am I doing wrong here ?

input
{
file
{
type => "IISLogs"
path => "C:/IISLogs/*"
}
}
output
{
if[type] == "IISLogs"
{
elasticsearch
{
index => "iislogs-%{+YYYY.MM.dd}"
hosts => ["localhost:9200"]
}
}
else
{
elasticsearch
{
index => "logstash-%{+YYYY.MM.dd}"
hosts => ["localhost:9200"]
}
}
stdout
{
codec => rubydebug
}
}

magnusbaeck · April 10, 2016, 8:26pm

If you show an example message that gets stored in the wrong place maybe we can help. For example, show us the output of the stdout output.

Sameer_Panicker · April 11, 2016, 3:53am

It was my mistake. I had renamed type to Type. I corrected that and it worked fine.

Topic		Replies	Views
Does multiple indices in output work? Logstash	1	946	July 6, 2017
Multiple Elasticsearch types output for a same log Logstash	8	1644	July 6, 2017
Logstash - multiple indices for one input file Logstash	3	2067	December 21, 2016
Logstash multiple pipelines going into same index Logstash	3	2335	May 13, 2018
Multiple output in logstash config, pls help! Logstash	7	4096	December 20, 2016

Multiple Indices in Output not working

Related topics