Send multiple log files to elastic via filebeat

sLuvpreet33 · April 21, 2017, 12:20pm

I want to send multiple log files from filebeat to elastic.

Like this,

filebeat.prospectors:

  - input_type: log
     paths:
       - /var/log/postgresql/postgresql-2017-04-21_120121.log
     document_type: postgresql
  - input_type: log
     paths:
       - /var/log/nginx/alpha-acccess.log
     document_type: nginx

In the output, I want to send to elasticseach,

output.elasticsearch:
  # Array of hosts to connect to.
   hosts: ["localhost:9200"]
   index: 'postgresql-log'
   versions.2x.enabled: false

I want to store the "postgresql" logs under the postgresql index, and the nginx log under the nginx index.

But here in the filebeat.yml , I can give only 1 name to the index, means these both will be stored under 1 index. How can I store these under different indices ?

I do not want to use logstash as that is too heavy and my system has trouble running logstash.

ruflin · April 24, 2017, 8:31am

The index name supports format strings. This should be helpful in your case: https://www.elastic.co/guide/en/beats/libbeat/current/config-file-format-type.html#_format_string_sprintf

system · May 12, 2017, 12:35pm

This topic was automatically closed after 21 days. New replies are no longer allowed.