Tags index with logstash and filebeat

stefanocog · March 17, 2016, 9:15am

I actually use logstash-forwarder and logstash and create a dinamic index with tag with thus configuration:
/etc/logstash/conf.d/10-output.conf

output {
elasticsearch {
hosts => "localhost:9200"
manage_template => false
index => "logstash-%{tags}-%{+YYYY.MM.dd}"
}
}

/etc/logstash-forwarder.conf

"files": [
{
"paths": [
"/var/log/httpd/ssl_access_log",
"/var/log/httpd/ssl_error_log"
],
"fields": { "type": "apache", "tags": "mytag" }
},

I convert the configuration files to filebeat in this way:
/etc/filebeat/filebeat.yml

filebeat:
prospectors:
-
paths:
- /var/log/httpd/access_log
input_type: log
document_type: apache
fields:
tags: mytag

Now in kibana to all index, instead of mytag i see beats_input_codec_plain_applied

sunilmchaudhari · April 29, 2016, 5:48pm

Hi
I am facing the same issue.
did you get any solution for this problem?

br,
Sunil

stefanocog · May 2, 2016, 7:20am

unfortunately still no.....i have to find an alternative with other fields and manage with if to logstash output conf file

stefanocog · June 14, 2016, 3:08pm

I have resolved inserting a filter to logstash:

filter {
    if "beats_input_codec_plain_applied" in [tags] {
        mutate {
            remove_tag => ["beats_input_codec_plain_applied"]
        }
    }
}