Separate production logs - logstash

Habbiot · March 20, 2019, 3:04pm

This is a to continue [Separate production logs].

I have an single ELK stack collecting both Production and Development logs. Logstash is parses logs to elasticsearch.

How can I use the same cluster to separate production from development logs ?
what is the recommended approach to collect logs use ELK stack when more then two environments are present eg, test, dev, stage etc..

kharvey · March 20, 2019, 3:42pm

You can just setup different indexes for your production and development logs in the Output of your pipeline.

output {
	if "realtime-log" == [type] {
		elasticsearch {
			ssl => true
			cacert => "/etc/logstash/.crt"
			hosts => [ "https://elasticsearch:9200" ]
			codec => "json"
			action => "index"
			index => "%{indexname}-%{+YYYY.MM.dd}"
			id => "realtime-log-out"
		}
	}
}

In this case, I am setting an indexname and appending the current date to my index before I submit it to Elastic Search.

system · April 17, 2019, 3:42pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Separate production logs Elasticsearch	4	389	April 17, 2019
Best Practices for supporting Test vs Production environments and different data sources Logstash	3	6807	November 27, 2017
Unable to differentiate logs Elasticsearch	13	1819	May 30, 2017
Should Logstash and ES be in different machines in production? Logstash	3	3867	July 6, 2017
Logstash different .conf inputs are mixing up entries in indexes Logstash	4	975	April 24, 2019

Separate production logs - logstash

Related topics