Split messages coming from the same port to different indexes

Hi! We use Filebeat and we receive messages from different sources with the same port. Is there a way to send these messages that come from the same port to different indexes? For example, switch messages should only be sent to the switch index and FW messages only to the FW index.

Hi,

This should be possible if you set a condition in an ingest node pipeline. If these patterns have some different source, then try to use a grok processor to capture these sources and then use a script processor to send it to the index which you want it to go to.
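
The grok-then-script approach from the reply above, as an added example that is not part of the original thread: a request body for `POST _ingest/pipeline/_simulate`. It assumes the devices can be told apart by a hostname prefix (`sw-`, `fw-`) and that the target indexes are called `switch-logs` and `fw-logs`; those names, the `source_host` field and the sample messages are constructed.

```json
{
  "pipeline": {
    "description": "Added example: route by syslog hostname prefix (sw-/fw- naming is an assumption)",
    "processors": [
      {
        "grok": {
          "description": "Capture the sending host from a BSD-syslog style line into source_host",
          "field": "message",
          "patterns": ["^(?:<%{NONNEGINT}>)?%{SYSLOGTIMESTAMP} %{HOSTNAME:source_host} "],
          "ignore_failure": true
        }
      },
      {
        "script": {
          "description": "Rewrite _index only for known device classes; everything else keeps its original index",
          "if": "ctx.source_host != null",
          "lang": "painless",
          "source": "String h = ctx.source_host.toLowerCase(); if (h.startsWith('sw-')) { ctx._index = 'switch-logs'; } else if (h.startsWith('fw-')) { ctx._index = 'fw-logs'; }"
        }
      }
    ]
  },
  "docs": [
    {
      "_index": "filebeat-default",
      "_source": { "message": "<189>Jan 12 10:15:01 sw-core-01 %LINK-3-UPDOWN: Interface Gi0/1, changed state to down" }
    },
    {
      "_index": "filebeat-default",
      "_source": { "message": "<134>Jan 12 10:15:02 fw-edge-02 action=deny src=192.0.2.10 dst=198.51.100.7 dport=445" }
    },
    {
      "_index": "filebeat-default",
      "_source": { "message": "<30>Jan 12 10:15:03 printer-7 toner low" }
    }
  ]
}
```

Messages that match neither prefix, or that grok cannot parse, stay in the index Filebeat addressed them to, so unrecognised sources are not dropped silently. Once the simulation routes as expected, store the `pipeline` object with `PUT _ingest/pipeline/<name>` and reference it through the `pipeline` setting of `output.elasticsearch` in Filebeat.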
