Syslog index

Hi,

I currently have one index with fields for Syslog and NETFlow at the same time and can visualize them both on the Discover tab on Kibana.

Would I be able to create a separate index for just my incoming Syslogs? I tried looking up how to make an index and managed to create a test one, but I don't understand how I can tell that it's gonna process Syslogs and have the required fields/template for it.

Because my test index is just empty right now. I can select it on Kibana when creating a new index, but it has no time fields or whatever to select.

Can someone guide me?

You can split them based on their hosts. I've done something similar based on the type.

output {
  if [type] == "filesystem" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "logstash-%{+YYYY.MM.dd}"
    }
  } else if [type] == "http" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "packetbeat-%{+YYYY.MM.dd}"
    }
  } else if [type] == "syslog" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "filebeat-%{+YYYY.MM.dd}"
    }
  } else {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "topbeat-%{+YYYY.MM.dd}"
    }
  }
}

Of course you can use any name you want for the indexing.

Hope this helps.
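As an added example (not from the original thread), here is a complete Logstash pipeline that applies the same idea to the question asked above: syslog and NetFlow arrive on separate inputs, each input stamps the event with a `type`, and the output routes each type to its own daily index. The port numbers, index names and the `localhost:9200` endpoint are assumptions chosen for this example; adjust them to your deployment.

```logstash
input {
  # Syslog listener. Port 5514 is an assumption: ports below 1024 need
  # root, so an unprivileged port is used here. The syslog input parses
  # the RFC3164 header and sets @timestamp from the message timestamp,
  # which is the time field Kibana asks for when you define the index pattern.
  syslog {
    host => "0.0.0.0"
    port => 5514
    type => "syslog"
  }

  # NetFlow listener (logstash-codec-netflow). Port 2055 is an assumption.
  udp {
    host => "0.0.0.0"
    port => 2055
    codec => netflow
    type => "netflow"
  }
}

output {
  # Route by the type set on the input. The index name pattern
  # "<source>-%{+YYYY.MM.dd}" is a choice for this example; any name works.
  if [type] == "syslog" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "syslog-%{+YYYY.MM.dd}"
    }
  } else if [type] == "netflow" {
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "netflow-%{+YYYY.MM.dd}"
    }
  } else {
    # Anything without a recognised type still lands somewhere visible
    # rather than being dropped silently.
    elasticsearch {
      hosts => ["localhost:9200"]
      index => "logstash-unrouted-%{+YYYY.MM.dd}"
    }
  }
}
```

An index created by hand in Elasticsearch stays empty and has no time field because the fields come from the documents Logstash writes into it, not from the index itself. Once events flow through the `syslog` branch above, the `syslog-*` index contains `@timestamp`, `host`, `program`, `message` and the other fields the syslog input produces, and a Kibana index pattern for `syslog-*` will offer `@timestamp` as the time field.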