Questions On Logstash Conf File

stephenb · August 22, 2021, 1:05am

Your when using an architecture like

Beats > Logstash > Elasticsearch

Your Logstash conf file should look like the following

################################################
# beats->logstash->es default config.
################################################
input {
  beats {
    port => 5044
  }
}

output {
  if [@metadata][pipeline] {
    elasticsearch {
      hosts => "http://localhost:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}"
      pipeline => "%{[@metadata][pipeline]}" 
      user => "elastic"
      password => "secret"
    }
  } else {
    elasticsearch {
      hosts => "http://localhost:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{[@metadata][version]}"
      user => "elastic"
      password => "secret"
    }
  }
}

I also answered some additional detail about this architecture in this post

It happens to be metricbeat but it's very similar for winlogbeat

Topic		Replies	Views
2 indices Logstash	7	279	August 28, 2018
Several config files for beats in logstash Logstash	5	2756	July 6, 2017
Logstash with input from file and input from beats (port 5044) create two indices with the same data Logstash	3	420	August 22, 2019
Solved: Logstash Is Receiving Data From Winlogbeat But Isn't Showing In Kibana Logstash	1	527	July 21, 2021
Logstash keep logging into default index Logstash	6	1127	July 6, 2017

Questions On Logstash Conf File

Related topics