Hi, all,
If I have multiple Pipeline configuration file which belong to same type (all input from syslog ), each file content is difference type device( e.g,. firewall, switch, server ).
How to identify(like added any determine method if..else..etc..)?
Because right now if I put all file in same directory ( /etc/logstash/conf.d/ ) it will cause parsing fail.
Has anyone encountered the same problem before? If yes, could you share your experience, thank you.
This question pops up all the time. Make sure there's some kind of way to distinguish different kinds of events. Different type fields is typical but sometimes not sufficient. Then add conditionals to choose which filters to apply to which messages.
https://www.elastic.co/guide/en/logstash/current/event-dependent-configuration.html
Thank you. : )
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.