Send to multiple elasticsearch index with different fields

WangXiangUSTC · August 16, 2017, 8:35am

I have log like this:

{
"info":"just for search",
"url":"123.234.123.234:8080/abc",
"response": {
"code": 200,
"status": ok,
"cmd": "login"
}
}

and I want to send the total log into index A for text search, and send only the code/status/cmd to another index B for aggregation。

so， how to do this?

magnusbaeck · August 16, 2017, 9:25am

You need to use a clone filter to split each event in two. Then use different filters on each copy of the message and send them to different outputs.

WangXiangUSTC · August 16, 2017, 9:33am

what is clone filter? means two filter in one config file?

WangXiangUSTC · August 16, 2017, 9:35am

Ok, I have already know what is clone . Thank you !

Topic		Replies	Views
Send parts of a message to different Elasticsearch indices from a single Logstash instance Logstash	5	406	December 13, 2022
Send all data to one index and specific fields to another at same time Logstash	3	1004	May 12, 2022
Can I filter the Output data separately?! Logstash	9	11110	August 31, 2018
Two outputs with different data Logstash	4	574	May 20, 2018
One Input Event - 2 Output Events Logstash	5	3046	May 11, 2018