Hello,
I have explored several forums but can't find any answers to my question.
I'm trying to get 2 Filebeat inputs and redirect them via Logstash with 2 different file outputs.
Here are my configuration files:
filebeat.yml:
# ============================== Filebeat inputs ===============================
filebeat.inputs:
# Each - is an input. Most options can be set at the input level, so
# you can use different inputs for various configurations.
# Below are the input specific configurations.
# filestream is an input for collecting log messages from files.
- type: filestream
# Unique ID among all inputs, an ID is required.
id: ID1
# Change to true to enable this input configuration.
enabled: true
# Paths that should be crawled and fetched. Glob based paths.
tags: ["tag1"]
paths:
- /var/log/site1/access.log
#- c:\programdata\elasticsearch\logs\*
- type: filestream
id: ID2
enabled: true
tags: ["tag2"]
paths:
- /var/log/site2/access.log
Logstash.config:
input {
beats {
port => 5044
}
}
filter {
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
mutate {
convert => {
"response" => "integer"
"bytes" => "integer"
}
}
}
output {
if "tag1" in [tags]{
stdout { codec => rubydebug }
file {
path => "/var/central-log/Output1.log"
}
}
else if "tag2" in [tags]{
stdout { codec => rubydebug }
file {
path => "/var/central-log/Output2.log"
}
}
}
Is this the right method? Can you help me?
Thank you,