Removing duplications in output block

BentCoder · July 2, 2017, 10:18am

Hi,

Any way of slimming output down? Duplication looks ugly. For example host, sniffing and manage_template could be made common/shared.

Thanks

output {
    if [type] == "apache-access" {
        elasticsearch {
            hosts => ["localhost:9200"]
            sniffing => true
            manage_template => false
            index => "ap-index"
        }
    } else if [type] == "symfony-dev" {
        elasticsearch {
            hosts => ["localhost:9200"]
            sniffing => true
            manage_template => false
            index => "my-hello-index"
        }
    }
}

Christian_Dahlqvist · July 3, 2017, 6:18am

As the only thing that differs is the index prefix, you can set the index prefix in a metadata parameter in the index block and then reference this in a single output as described in this post. This means that you only need one elasticsearch output irrespective of index name, which in addition to clean up the configuration also can improve performance as a batch only will result in a single, larger bulk request.

system · July 31, 2017, 6:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to avoid the repetition of code in the output section in Logstash Logstash	2	437	November 27, 2019
How to duplicate message in 2 elasticsearch index Logstash	1	779	July 6, 2017
Log duplicated in multiple indexes Logstash	12	1947	July 6, 2017
Multiple templates in one logstash.conf Elasticsearch	3	2367	July 5, 2017
Same information in differents Indexes Elasticsearch	5	648	July 5, 2017

Removing duplications in output block

Related topics