Two filebeat servers setting output to same elasticsearch

My question is, I have filebeat configured in 2 ec2 instance. In one server I have few tools along with filebeat, in another server also few tools, filebeat and elasticsearch is configured. Can I set output of both filebeat to same elasticsearch without getting logstash in middle?

Yes you can.

Okay, then how can I differentiate between two filebeat logs?

They will have a source host name in the event, so you can filter on them.

1 Like

Sorry for late reply, I will tell my scenario please explain what I can do to solve the problem.
I have 2 ec2 instances.
Instance 1 -> Sonar and nexus are installed, I want to monitor system metrics using merticbeat, sonar and nexus logs using filebeat.
Instance 2 -> Rundeck is installed, same goes here also metricbeat and filebeat for rundeck logs.
Instance 3 -> Elasticsearch and Kibana are installed.

So now if I give both instance 1 and instance 2 beats output to ES which is installed in instance 3, will it work?
If yes, how can I get different index for beats installed in 2 instances?

Yes that will work.

If you want different indices for each host, then you can use the host's name in the index. Check out https://www.elastic.co/guide/en/beats/filebeat/current/elasticsearch-output.html#index-option-es.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.