Multiple inputs on the same port

I have five servers who generate 5 other jsons with two recognize field type (example value server1) and source (example value server_name).
My question is whether I can send data of five server on one input port and recognize based on type and source fields inputs and create 5 indexes in elasticsearch?

Hello @hoff,

Yes you can send and can apply filet with the loop of if else if .
I was doing the same day before

Regards
Shrikant

I have configuration like that :

   tcp {
    port => 5044
    codec => json
  }
}

filter {
 if ([fields][servername] == "first") {
    mutate {
      replace => {
        "[type]" => "first"
      }
    }
  }
  else if ([fields][servername] == "second") {
    mutate {
      replace => {
        "[type]" => "second"
      }
    }
  }
}

output {

  elasticsearch {
   hosts => "x.x.x:x"
   manage_template => false
   index => "%{type}-%{+YYYY.MM.dd}"
}
}

This is example configuration with two servers for tests. Below you may see the name of the returned index.

Hello @hoff

this is my logstash config file

input {
beats {
port => 5044
}
}
filter {
if [service_id] == "pDNcb2gBY7Thni_1PwRv" {
json {
source => "message"
}
date {
match => [ "received", "yyyy-MM-dd HH:mm:ss" ]
target => "@timestamp"
}
}
else {
csv {
separator => ","
columns => ["request","Gender","Name","ID"]
}
date {
match => [ "received", "yyyy-MM-dd HH:mm:ss" ]
target => "@timestamp"
}
}
}
output{
if [service_id] == "pDNcb2gBY7Thni_1PwRv" {
elasticsearch {
hosts => "localhost:9200"
index => "index_name"
}
stdout{}
}
else {
elasticsearch {
hosts => "localhost:9200"
index => "index_name"
}
stdout{}
}
}

Thank you for replies shrikantgulia.
I solved my problem.
I transformed the nested fields in the filter using a mutate and rename and the next I placed renamed field in output.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.