Hello,
I am trying to send nginx logs from my app-server to log-server(elasticsearch) using filebeat. I am using Nginx module for this purpose, and it is working great.
But, I am unable to change "index" for these logs. I am trying to configure my filebeat.yml file to achieve this behavior.
filebeat.inputs:
- type: log
enabled: true
paths:
- /home/ubuntu/project/logs/*.log
fields:
log_type: pm2-logs
filebeat.config.modules:
enabled: true
path: ${path.config}/modules.d/*.yml
reload.enabled: true
fields: # i have added these myself, no docs suggested it.
log_type: nginx-logs # i have added these myself, no docs suggested it.
setup.template.name: "setup-elk"
setup.template.pattern: "setup-elk-*"
output.elasticsearch:
index: "setup-elk-%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}"
When I add fields to filebeat.config.modules, it stop sending logs to elasticsearch.
I want my pm2 logs to be saved in the different index than nginx logs. Please let me know, if you guys need more info from my side.!