Setting custom index for two data sources in filebeat 7.x

I am trying to add two index types based on the different log sources in filebeat 7.6.2, i have managed to get custom name running for one of the source however cant seem to find how this can be done for different data sources / indexes

My current filebeat config is below:

filebeat:
config:
inputs:
path: /etc/filebeat/filebeat.yml
filebeat:
inputs:
- input_type: log
paths:
- /var/log/messages
- /var/log/secure
exclude_files: ['.gz$']
ignore_older: 48h
clean_inactive: 72h
- input_type: log
paths:
- /var/log/.logging_history/commands.log
exclude_files: ['.gz$']
ignore_older: 48h
clean_inactive: 72h
output:
elasticsearch:
hosts: ["XXXX:9200"]
index: "inf_os_logs_at"
#logstash:
#hosts: ["XXXX:5044","XXXXX:5044"]
#loadbalance: true
compression_level: 3
worker: 6
logging:
to_files: true
files:
path: /var/log/mybeat
name: beat.log
keepfiles: 7
rotateeverybytes: 104857600 # = 100MB
level: info
setup.ilm.enabled: false
setup.template.enabled: true
setup.template.name: "inf_os_logs_at-%{[agent.version]}"
setup.template.pattern: "inf_os_logs_at-%{[agent.version]}-*"

Checking if any one has any suggestions

Managed to get this working using below code

filebeat:
  config:
    inputs:
      path: /etc/filebeat/filebeat.yml
filebeat:
  inputs:
    - input_type: log
      paths:
        - /var/log/messages
        - /var/log/secure
      fields:
        type: "inf_os_logs"
      exclude_files: ['\.gz$']
      ignore_older: 48h
      clean_inactive: 72h
    - input_type: log
      paths:
        - /var/log/.logging_history/commands.log
      exclude_files: ['\.gz$']
      fields:
        type: "test"
      ignore_older: 48h
      clean_inactive: 72h
output:
  logstash:
    hosts: ["XXXXX:5044"]
    compression_level: 3
    worker: 6
logging:
  to_files: true
  files:
    path: /var/log/mybeat
    name: beat.log
    keepfiles: 7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.