Split up indices based on? tags?

Maekee · October 20, 2017, 11:43am

This seems to work, which also makes sure my Kibana index parttern winlogbeat-* still works

output {
  if "radius" in [tags] {
    elasticsearch {
      hosts => "elasticsearchIP:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-radius-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
    }
  } else {
    elasticsearch {
      hosts => "elasticsearchIP:9200"
      manage_template => false
      index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
      document_type => "%{[@metadata][type]}"
    }
  }
}

How do you other guys separate indices?

Topic		Replies	Views
How to route logs to different Indexs Logstash	9	7149	July 25, 2017
Winlogbeat via Logstash into Elasticsearch Logstash	18	7776	July 22, 2017
Output logs to multiple index from logstash Logstash	7	5848	December 20, 2019
How to divide data from one agent into two indexes? Logstash	2	341	September 19, 2019
Distinguish Winlogbeat traffic in Logstash Beats winlogbeat	2	748	May 26, 2018

Split up indices based on? tags?

Related topics