Questions On Logstash Conf File

stephenb · August 22, 2021, 1:05am

Your when using an architecture like

Beats > Logstash > Elasticsearch

Your Logstash conf file should look like the following

################################################
# beats->logstash->es default config.
################################################
input {
  beats {
    port => 5044
  }
}

output {
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => "http://localhost:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}"
      pipeline => "%{[@metadata][pipeline]}" 
      user => "elastic"
      password => "secret"
    }
  } else {
    elasticsearch {
      hosts => "http://localhost:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}"
      user => "elastic"
      password => "secret"
    }
  }
}

I also answered some additional detail about this architecture in this post

It happens to be metricbeat but it's very similar for winlogbeat

Topic		Replies	Views
Several config files for beats in logstash Logstash	5	2754	July 6, 2017
Solved: Logstash Is Receiving Data From Winlogbeat But Isn't Showing In Kibana Logstash	1	525	July 21, 2021
Logstash keep logging into default index Logstash	6	1127	July 6, 2017
Beats and logstash Logstash elastic-stack-monitoring	8	680	April 6, 2019
Logstash output from filebeat. What is 'index' configuration option? Beats filebeat	2	408	January 16, 2020

Questions On Logstash Conf File

Related Topics