Separate configs, different indexes yet both logs go to both indexes

X_Calibur · October 2, 2017, 8:09am

I have the following 2 config files:

############IMAP Email reader############

input {
imap {
host => "imap.gmail.com"
user => "account@gmail.com"
password => "pass"
secure => true
port => 993
check_interval => 30

}
}

output{
elasticsearch {
hosts => ["localhost:9200"]
index => "mailbox-%{+YYYY.MM.dd}"
user => user
password => pass
}
}

#########SYSLOG to firewall##########

input{

    syslog {
            type => "syslog"
            port => 55555
    }

}

output{
elasticsearch {
hosts => ["localhost:9200"]
index => "fortigate-%{+YYYY.MM.dd}"
user => user
password => pass
}
}

For some reason I'm seeing both logs on both indexes. Meaning the indexes are duplicates of each other. I have no idea how and why that happens...

Christian_Dahlqvist · October 2, 2017, 8:18am

Have a look at this thread. Logstash basically concatenates all files in the config directory, which means that all inputs will go to all outputs unless you use conditionals.

system · October 30, 2017, 8:18am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Logs duplicated in all indices Elasticsearch	2	981	May 8, 2018
Two indexes receiving same content regardless of logstash conf files Logstash	4	558	June 3, 2019
Logstash different .conf inputs are mixing up entries in indexes Logstash	4	974	April 24, 2019
Logstash multiple pipelines going into same index Logstash	3	2335	May 13, 2018
2 conf sending data to the same index Logstash	8	338	June 17, 2023

Separate configs, different indexes yet both logs go to both indexes

Related topics