Sending Nginx logs to elasticsearch using Filebeat

Raghav_Garg · February 5, 2019, 10:57am

Hello,

I am trying to send nginx logs from my app-server to log-server(elasticsearch) using filebeat. I am using Nginx module for this purpose, and it is working great.

But, I am unable to change "index" for these logs. I am trying to configure my filebeat.yml file to achieve this behavior.

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/ubuntu/project/logs/*.log
  fields:
    log_type: pm2-logs

filebeat.config.modules:
  enabled: true
  path: ${path.config}/modules.d/*.yml
  reload.enabled: true
  fields:                # i have added these myself, no docs suggested it.
    log_type: nginx-logs # i have added these myself, no docs suggested it.

setup.template.name: "setup-elk"
setup.template.pattern: "setup-elk-*"

output.elasticsearch:
    index: "setup-elk-%{[fields.log_type]}-%{[beat.version]}-%{+yyyy.MM.dd}"

When I add fields to filebeat.config.modules, it stop sending logs to elasticsearch.

I want my pm2 logs to be saved in the different index than nginx logs. Please let me know, if you guys need more info from my side.!

system · March 5, 2019, 10:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat Module Custom Index Beats filebeat	2	1777	June 14, 2019
Create indexes from previous nginx access logs Beats filebeat	4	283	November 15, 2022
How does one send nginx module output to a specified index using filebeat with logstash output Beats filebeat	1	275	February 28, 2020
Unable to get nginx messages to kibana through filebeat Beats filebeat	15	2889	September 6, 2017
Filebeat sending two logs in nginx module Beats filebeat	2	280	September 1, 2021

Sending Nginx logs to elasticsearch using Filebeat

Related topics