Use of filebeat templates - single template vs multiple templates

mvienne · March 6, 2020, 10:07am

I'm confused about the use of filebeat templates with the file fields.yml.

If I want to store two types of logs into elasticsearch, let's say apache logs and postgres logs, is it better to have a single template in the file fields.yml, or should I instead use multiple templates (logstash-6.2.3-apache* and logstash-6.2.3-postgres*)?

If I chose the former, is it really a good practice to merge the definition of unrelated fields into a single template?
If I chose the latter, am I supposed to setup my templates manually in elasticsearch with PUT _template/logstash-6.2.3-apache for example?

mvienne · March 6, 2020, 10:27am

I want to define my own templates, because I want to store logs other than apache and postgres which don't have modules available

system · April 3, 2020, 10:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Filebeat to logstash template Beats filebeat	2	513	March 24, 2017
Refer to multiple templates in logstash elastic output? Logstash	1	405	July 3, 2019
Using multiple template inside the logstash'selasticsearch output plugin Logstash	4	1597	July 6, 2017
Filebeat > Logstash > Elasticsearch : Which index template? Logstash	2	511	July 6, 2017
About index template upon output from logstash to elasticsearch Logstash	4	477	July 6, 2017

Use of filebeat templates - single template vs multiple templates

Related Topics