Multiple log in input, how to filter one by one?

fabueno · April 15, 2019, 10:32am

Hi, Im a beginner with ELK and I want to apply different filter on my log.
This is my input file :
input {
beats {
type => log
port => 5044
host => 0.0.0.0
}
}
With this file, we listen on port 5044, from everywhre, and each log we received on this port will have the log type. Are we ok ?

Now if i receive Apache log on this port, and Syslog too for example, how can I filter filter them. I mean how in the filter I can take only apache log, or only log file ?

And when I used filebeat modules, should I have to create by my self a filter file ?

Sorry for bad english and thank you.

Badger · April 15, 2019, 11:45am

This thread has an example of making adding fields to a record in filebeat and using conditionals in the filter in logstash.

fabueno · April 16, 2019, 6:50am

Hi and thanks.

When I have this input :

filebeat.inputs:
- type: log
  paths:
    - /var/log/auth1.log
  fields:
    log_type: auth1
  fields_under_root: true
- type: log
  paths:
    - /var/log/auth2.log
  fields:
    log_type: auth2
  fields_under_root: true

My filter file will start like :
filter {
if [log_type] == "auth1" {
grok { blabla }
}
}

This will be ok ?

Badger · April 16, 2019, 12:01pm

That looks right, yes.

system · May 14, 2019, 12:01pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to filter Filebeat input in Logstash from different log? Logstash	2	2964	October 12, 2018
Filter multiple different file beat logs in logstash Logstash	5	23433	March 30, 2017
Logstash - Multiple Logs Logstash	4	351	April 6, 2020
Logstash does not process multiple filebeat inputs Logstash	3	962	February 14, 2019
Filtering on beats fields issue Logstash	7	2211	September 5, 2017

Multiple log in input, how to filter one by one?

Related Topics