Sending Nginx logs to elasticsearch using Filebeat

Raghav_Garg · February 5, 2019, 10:57am

Hello,

I am trying to send nginx logs from my app-server to log-server(elasticsearch) using filebeat. I am using Nginx module for this purpose, and it is working great.

But, I am unable to change "index" for these logs. I am trying to configure my filebeat.yml file to achieve this behavior.

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/ubuntu/project/logs/*.log
  fields:
    log_type: pm2-logs

filebeat.config.modules:
  enabled: true
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
  fields:                # i have added these myself, no docs suggested it.
    log_type: nginx-logs # i have added these myself, no docs suggested it.

setup.template.name: "setup-elk"
setup.template.pattern: "setup-elk-*"

output.elasticsearch:
    index: "setup-elk-%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}"

When I add fields to filebeat.config.modules, it stop sending logs to elasticsearch.

I want my pm2 logs to be saved in the different index than nginx logs. Please let me know, if you guys need more info from my side.!

system · March 5, 2019, 10:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to index ngnix log file? Beats filebeat	4	340	April 30, 2018
How does one send nginx module output to a specified index using filebeat with logstash output Beats filebeat	1	287	February 28, 2020
Filebeat Module Custom Index Beats filebeat	2	1798	June 14, 2019
Elasticsearch output for filebeat to get only nginx logs Beats filebeat	1	281	June 9, 2021
Filebeat puts all logs in only one index Beats filebeat	3	656	December 4, 2020

Sending Nginx logs to elasticsearch using Filebeat

Related topics