Separate production logs - logstash

Elastic Stack Logstash
1

This is a to continue [Separate production logs].

I have an single ELK stack collecting both Production and Development logs. Logstash is parses logs to elasticsearch.

  1. How can I use the same cluster to separate production from development logs ?
  2. what is the recommended approach to collect logs use ELK stack when more then two environments are present eg, test, dev, stage etc..
2

You can just setup different indexes for your production and development logs in the Output of your pipeline.

output {
	if "realtime-log" == [type] {
		elasticsearch {
			ssl => true
			cacert => "/etc/logstash/.crt"
			hosts => [ "https://elasticsearch:9200" ]
			codec => "json"
			action => "index"
			index => "%{indexname}-%{+YYYY.MM.dd}"
			id => "realtime-log-out"
		}
	}
}

In this case, I am setting an indexname and appending the current date to my index before I submit it to Elastic Search.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.