Syslog index

brayndasilva · April 7, 2016, 9:43am

Hi,

I currently have one index with fields for Syslog and NETFlow at the same time and can visualize them both on the Discover tab on Kibana.

Would I be able to create a seperate index for just my incoming Syslogs? I tried looking up how to make a index and managed to create a test one, but I don't understand how I can tell that it's gonna process Syslogs and have the required fields/template for it.

Because my test index is just empty right now. I can select it on Kibana when creating a new index, but it has no time fields or whatever to select.

Can someone guide me?

mourlos · April 7, 2016, 3:43pm

You can split them based on their hosts. I 've done something similar based on the type.

output { if [type] == "filesystem" { elasticsearch { hosts => ["localhost:9200"] index => ["logstash-%{+YYY.MM.dd}"] } } else if [type] == "http" { elasticsearch { hosts => ["localhost:9200"] index => ["packetbeat-%{+YYYY.MM.dd}"] } } else if [type] == "syslog" { elasticsearch { hosts => ["localhost:9200"] index => ["filebeat-%{+YYYY.MM.dd}"] } } else { elasticsearch { hosts => ["localhost:9200"] index => ["topbeat-%{+YYYY.MM.dd}"] } } }

Of course you can use any name you want for the indexing.

Hope this helps.

Topic		Replies	Views
Clarification on indexes and Syslog + NETFlow Kibana	4	1851	July 6, 2017
Help in Data collection and indexing Elasticsearch	26	1782	June 14, 2018
Logstash parsing syslog to different indices depending on source hosts Logstash	6	5282	August 8, 2017
How to create logstash-* index pattern to see syslog messages Kibana	3	1460	August 4, 2021
Elk-Create New Index-Indices Logstash	8	10025	July 6, 2017

Syslog index

Related topics