Removing duplications in output block

BentCoder · July 2, 2017, 10:18am

Hi,

Any way of slimming output down? Duplication looks ugly. For example host, sniffing and manage_template could be made common/shared.

Thanks

output {
    if [type] == "apache-access" {
        elasticsearch {
            hosts => ["localhost:9200"]
            sniffing => true
            manage_template => false
            index => "ap-index"
        }
    } else if [type] == "symfony-dev" {
        elasticsearch {
            hosts => ["localhost:9200"]
            sniffing => true
            manage_template => false
            index => "my-hello-index"
        }
    }
}

Christian_Dahlqvist · July 3, 2017, 6:18am

As the only thing that differs is the index prefix, you can set the index prefix in a metadata parameter in the index block and then reference this in a single output as described in this post. This means that you only need one elasticsearch output irrespective of index name, which in addition to clean up the configuration also can improve performance as a batch only will result in a single, larger bulk request.

system · July 31, 2017, 6:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Multiple templates in one logstash.conf Elasticsearch	3	2338	July 5, 2017
Externalization of hosts settings in output Logstash	6	446	November 28, 2020
Does multiple indices in output work? Logstash	1	946	July 6, 2017
Duplicate query error Logstash	2	381	January 17, 2018
Elasticsearch output hosts list Logstash	5	332	October 13, 2020

Removing duplications in output block

Related topics