Can I configure multiple log path for multiple indexes. At present I have indexes named as IISLogs and ServiceLogs. I am using FB -> ES -> KB.
Is it possible to configure C:\My IIS LOGS\.log -> IISLOGS and C:\My Service LOGS\.log -> ServiceLogs. If Yes, where can I do this ?
Any update on this ?
In filebeat it is not possible to send data to multiple indices when sent directly to elasticsearch. When sending to Logstash first, Logstash can split up your log files and send them to different indices. Best is to use in filebeat 2 different prospectors for the log files and set a different document_type or field, so this can be used in Logstash to do the logic.
How can I have multiple indexes in the output field ? Can I add IF and ELSE checks ?
That is not possible with filebeat. You can do this kind of transformations with Logstash.
Yes i am asking for logstash configuration only....
For if statements it is best to have a look at the LS docs here: https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.