Two filebeat servers setting output to same elasticsearch

My question is, I have filebeat configured in 2 ec2 instance. In one server I have few tools along with filebeat, in another server also few tools, filebeat and elasticsearch is configured. Can I set output of both filebeat to same elasticsearch without getting logstash in middle?

Yes you can.

Okay, then how can I differentiate between two filebeat logs?

They will have a source host name in the event, so you can filter on them.

1 Like

Sorry for late reply, I will tell my scenario please explain what I can do to solve the problem.
I have 2 ec2 instances.
Instance 1 -> Sonar and nexus are installed, I want to monitor system metrics using merticbeat, sonar and nexus logs using filebeat.
Instance 2 -> Rundeck is installed, same goes here also metricbeat and filebeat for rundeck logs.
Instance 3 -> Elasticsearch and Kibana are installed.

So now if I give both instance 1 and instance 2 beats output to ES which is installed in instance 3, will it work?
If yes, how can I get different index for beats installed in 2 instances?

Yes that will work.

If you want different indices for each host, then you can use the host's name in the index. Check out

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.