Multiple logstash config files

hello everyone

i have a log in which i have to parse some informations
i have did 7 patterns (7 config files )
and i have to stock this informations in elasticsearch
well when i use logstash to run each config file
it works !
but when i use the directory path
to run them all at the same time does not work!
could ypu please help me

an example of a config file

input {
file {
path => ["C:/Users/THINKPAD/Downloads/logstash-6.2.2/essai/."]

}
}

filter {
grok {
match => { "message"=> "%{TIMESTAMP_ISO8601:timestamp}%{GREEDYDATA:message1}\s+of\s%{NOTSPACE:nom_job}%{GREEDYDATA:statut}\s+executed\sin\s%{GREEDYDATA:duration}"}
}

if "_grokparsefailure" in [tags] {
drop {}
}

}

output {
elasticsearch { hosts => ["localhost:9200"]
index=>"conversion"}
stdout {
codec => rubydebug
}
}

and i work for the same log !
but when i didn't make

if "_grokparsefailure" in [tags] {
drop {}
}

it works
the problem is that when i didn't use it
it parse all the lines (2000 lines )
and in elasticsearch tables
i found the researchable lines and the other lines
some one can help me please !

Unless you use the multi-pipeline feature Logstash configuration files aren't independent. Logstash merges them together so that all events from all events will reach all filters and outputs unless you use conditionals.

This is an extremely common misconception that people ask about every week. Please consult old threads for elaborations.

i added a type for every config file and it works 100%
thanks any way

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.