hey , im trying to create multiple source input from Filebeat , than injecting them into logstash to apply filters , and finally transfer the sources to elasticsearch as indexes
The problem i have , only one index is created instaed of 2 in Elasticsearch , in which part i should specify my index name please ?
input {
beats{
type => "filestream"
port => 5044
}
stdin{}
}
filter {
}
output {
if [type] == "filestream" {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "my-index-%{+YYYY.MM.dd}"
}
}
else {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "my-other-index-%{+YYYY.MM.dd}"
}
}
stdout{ }
}
GET /_cat/indices/my*?v
health status index uuid pri rep docs.count docs.deleted store.size pri.store.size
yellow open my-index-2023.04.27 b-zdx_d4Q-O0gvd2vAjYug 1 1 28998 0 11.3mb 11.3mb
yellow open my-other-index-2023.04.27 s7AZzmezS7qZnEJTmbmVyA 1 1 3 0 13.8kb 13.8kb
Thanks for your quick reply. What i want to say , if you have 2 filestream inputs in Filebeats , and your output is Logstash , on your logstash configuration file , you specity the output to Elasticsearch .
In this case , how can you create 2 indexes ? hope my question is clear AND THANKS AGAIN
Roll Up your sleeves and read the docs... here is one way. there are multiple ways...
Here is one...
Tag each filebeat input
- type: filestream
# Unique ID among all inputs, an ID is required.
id: my-filestream-id
enabled: true
paths:
- /var/log/*.log
# Add a tag to be used later
tags: ["app-type-1"]
...
Then logstash output
tags are an array so it looks a little different
output {
if "app-type-1" in [tags]{
elasticsearch {
hosts => ["http://localhost:9200"]
index => "my-type-1-index-%{+YYYY.MM.dd}"
}
}
else if "app-type-2" in [tags] {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "my-type-2-index-%{+YYYY.MM.dd}"
}
}
else {
elasticsearch {
hosts => ["http://localhost:9200"]
index => "my-type-other-index-%{+YYYY.MM.dd}"
}
}
stdout{ }
}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.