Use of filebeat templates - single template vs multiple templates

mvienne · March 6, 2020, 10:07am

I'm confused about the use of filebeat templates with the file fields.yml.

If I want to store two types of logs into elasticsearch, let's say apache logs and postgres logs, is it better to have a single template in the file fields.yml, or should I instead use multiple templates (logstash-6.2.3-apache* and logstash-6.2.3-postgres*)?

If I chose the former, is it really a good practice to merge the definition of unrelated fields into a single template?
If I chose the latter, am I supposed to setup my templates manually in elasticsearch with PUT _template/logstash-6.2.3-apache for example?

mvienne · March 6, 2020, 10:27am

I want to define my own templates, because I want to store logs other than apache and postgres which don't have modules available

Topic		Replies	Views
Refer to multiple templates in logstash elastic output? Logstash	1	430	July 3, 2019
Multiple templates in single file in logstash's elasticsearch output plugin Elasticsearch	3	1758	March 11, 2019
Is filebeat 6.1.0 support multi templates setup? Beats filebeat	2	1495	January 23, 2018
Filebeat to logstash template Beats filebeat	2	546	March 24, 2017
Select template for different types of logs in Filebeat Beats filebeat	3	1325	November 27, 2019

Use of filebeat templates - single template vs multiple templates

Related topics